
Re: [External] Re: Replication suddenly broken





--On Friday, January 17, 2020 1:12 PM -0500 Prentice Bisbal <pbisbal@pppl.gov> wrote:

>> Well, the error came from cyrus-sasl rather than OpenLDAP.  This would
>> indicate to me that the not authorized came from the KDC.  Have you
>> checked to ensure the keys in the keytab file haven't expired inside the
>> KDC?
>
> That's exactly what I suspected. We're using AD for our Kerberos Client,
> and one of our AD admins insists that it couldn't be expired credentials.
> I did use a utility called msktutil to make sure the kerberos tickets in
> /etc/krb5.keytab were up to date, but I'm still getting that error.  Any
> ideas on how to prove/disprove what you suggest, so I can go back to my
> AD admins with more information?

Hi Prentice,

Unfortunately I have no experience using AD as a KDC. So I can't really offer any further debugging advice.

Regards,
Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>