Help with SASL generic GSSAPI error
- To: openldap-technical@openldap.org
- Subject: Help with SASL generic GSSAPI error
- From: Joshua Schaeffer <jschaeffer0922@gmail.com>
- Date: Mon, 12 May 2014 20:52:14 -0600
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.5.0
  
  
    
    I'm looking for a little help concerning the below
      error I get when I do an ldapsearch:
      
      root@mytest:~# ldapsearch -Y GSSAPI
      SASL/GSSAPI authentication started
      ldap_sasl_interactive_bind_s: Other (e.g., implementation specific) error (80)
          additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information ()
      
      That error is pretty generic to me and the searching I've done to
      find a solution has not yielded anything successful.  I have MIT
      Kerberos and SASL set up and I'm able to successfully get a TGT
      from any machine that can see my KDC.  I also can successfully
      search my ldap directory using simple authentication.  I've run
      the sasl-sample-client and server between several machines
      including: ldap server to krb server, test server to krb server,
      test server to ldap server, etc.  I can complete the sasl test on
      every one.  Running slapd in debug mode doesn't provide me with
      any additional information:
      
      root@baneling:~# slapd -h "ldap:/// ldapi:///" -d 256
      5371865b @(#) $OpenLDAP: slapd  (Apr 23 2013 12:16:04) $
         
      root@lupin:/tmp/buildd/openldap-2.4.31/debian/build/servers/slapd
      5371865c slapd starting
      53718672 conn=1000 fd=13 ACCEPT from IP=10.1.10.10:53839 (IP=0.0.0.0:389)
      53718672 conn=1000 op=0 BIND dn="" method=163
      53718672 SASL [conn=1000] Failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information ()
      53718672 conn=1000 op=0 RESULT tag=97 err=80 text=SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information ()
      53718672 conn=1000 op=1 UNBIND
      53718672 conn=1000 fd=13 closed
      53718672 connection_read(13): no connection!
      
      I do have the keytab in a non-standard location on the ldap server
      (/etc/ldap/ldap.keytab), so I modified /etc/default/slapd and
      restarted slapd.  I'm not really sure what I can provide from my
      cn=config that would help diagnose this issue; let me know and I
      can respond with the details.
      
      Here is my ldap.conf from the server I'm running the ldapsearch
      from (my test server):
      
      root@mytest:~# cat /etc/ldap/ldap.conf 
      #
      # LDAP Defaults
      #
      
      # See ldap.conf(5) for details
      # This file should be world readable but not world writable.
      
      BASE            dc=harmonywave,dc=com
      URI            ldap://baneling.harmonywave.com
      
      #SIZELIMIT        12
      #TIMELIMIT        15
      #DEREF            never
      
      # TLS certificates (needed for GnuTLS)
      TLS_CACERT        /etc/ssl/certs/ca.harmonywave.com.pem
      TLS_REQCERT        demand
      TLS_CHECKPEER        yes
      TLS_CIPHER_SUITE    SECURE256
      
      # LDAP sudo settings
      sudoers_base        ou=SUDOers,dc=harmonywave,dc=com
      
      # SASL Kerberos settings
      SASL_MECH        GSSAPI
      SASL_REALM        HARMONYWAVE.COM
      
      Thanks,
      Josh