
Re: slapd 2.4.23 SASL/GSSAPI problem





On 12/06/2010 01:22 AM, Indexer wrote:


On 05/12/2010, at 00:51, Matej Zagiba wrote:


SASL [conn=1003] Failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Configuration file does not specify default realm)

Do you mind showing us your slapd configuration, and also your sasl configuration?

In /etc/ldap/slapd.conf I have:

# setup SASL and authentication identities mapping
sasl-host my.ldap.host
sasl-realm MY.KRB.REALM

authz-regexp
  uid=([^,/])([^,/]*),cn=my.krb.realm,cn=gssapi,cn=auth
  ldap:///ou=$1,ou=people,dc=domain,dc=top??one?(&(uid=$1$2)(objectClass=posixAccount))

authz-regexp
  uid=([^,/])([^,/]*),cn=gssapi,cn=auth
  ldap:///ou=$1,ou=people,dc=gomain,dc=top??one?(&(uid=$1$2)(objectClass=posixAccount))


In /etc/krb5.conf I have:

[libdefaults]
        default_realm = MY.KRB.REALM
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

[realms]
        MY.KRB.REALM = {
                kdc = krb1.my.domain
                kdc = krb2.my.domain
                admin_server = krb1.my.domain
                database_name = /var/lib/krb5kdc/principal
                iprop_enable = true
                iprop_master_ulogsize = 2048
                iprop_slave_poll = 30
                iprop_port = 755
        }

[domain_realm]
        .my.domain = MY.KRB.REALM
        my.domain = MY.KRB.REALM

[logging]
        kdc = FILE:/var/log/kdc5.log
        admin_server = FILE:/var/log/kadm5.log
        default = FILE:/var/log/krb5.log



I've generated a keytab file with the ldap/my.ldap.host principal and put it in /etc/ldap/ldap.keytab.

Because I don't use the {SASL} password scheme, there is no special SASL configuration. Usage is like this (client):

ldapsearch -Y GSSAPI
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
	additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Configuration file does not specify default realm)


server logs:
Dec  6 13:01:16 ldaphost slapd[30828]: conn=13532 fd=45 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
Dec  6 13:01:16 ldaphost slapd[30828]: conn=13532 op=0 BIND dn="" method=163
Dec  6 13:01:16 ldaphost slapd[30828]: SASL [conn=13532] Failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Configuration file does not specify default realm)
Dec  6 13:01:16 ldaphost slapd[30828]: conn=13532 op=0 RESULT tag=97 err=80 text=SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Configuration file does not specify default realm)
Dec  6 13:01:16 ldaphost slapd[30828]: conn=13532 fd=45 closed (connection lost)

I tried googling the problem, but it didn't help.

William Brown

pgp.mit.edu



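
An added example, not part of the original message: a consistency check between the realm settings of the two files quoted above. It uses a simplified krb5.conf reader written for this example (not the Kerberos library's own parser) and trimmed, constructed copies of the quoted files; the function names are hypothetical.

```python
import re

# Constructed inputs: trimmed copies of the two files quoted in the message.
KRB5_CONF = """[libdefaults]
        default_realm = MY.KRB.REALM
[realms]
        MY.KRB.REALM = {
                kdc = krb1.my.domain
        }
"""
SLAPD_CONF = "sasl-host my.ldap.host\nsasl-realm MY.KRB.REALM\n"

def parse_krb5(text):
    """Simplified reader (assumption: no include/includedir, one brace level)."""
    sections, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header and block is None:
            section = sections.setdefault(header.group(1), {})
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})  # e.g. one realm's settings
            else:
                (section if block is None else block).setdefault(key, []).append(value)
    return sections

def check(krb5_text, slapd_text):
    """List inconsistencies between krb5.conf and slapd.conf realm settings."""
    conf = parse_krb5(krb5_text)
    default = conf.get("libdefaults", {}).get("default_realm", [None])[0]
    m = re.search(r"^\s*sasl-realm\s+(\S+)", slapd_text, re.M | re.I)
    sasl_realm = m.group(1) if m else None
    findings = []
    if default is None:
        findings.append("no default_realm in [libdefaults]")
    elif default not in conf.get("realms", {}):
        findings.append(f"default_realm {default} missing from [realms]")
    if default and sasl_realm and sasl_realm != default:
        findings.append(f"sasl-realm {sasl_realm} != default_realm {default}")
    return findings

if __name__ == "__main__":
    print(check(KRB5_CONF, SLAPD_CONF) or "realm settings are consistent")
```

The quoted files pass this check, so it only rules out a content mismatch between the two files.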