
Re: Problems connecting to OpenLDAP-2.2.17 with Kerberos (ldapclient).



On Wed, Nov 03, 2004 at 05:14:27PM -0200, Andreas wrote:
> On Wed, Nov 03, 2004 at 07:06:28PM +0000, Lewis Thompson wrote:
> > SASL/GSSAPI authentication started
> > ldap_sasl_interactive_bind_s: Local error (-2)
> >         additional info: SASL(-1): generic failure: GSSAPI Error:
> > Miscellaneous failure (see text) (Server (krbtgt/168.0.1@DOMAIN.COM) unknown)
>                                                    ^^^^^^^
> There seems to be a typo somewhere in your config. Perhaps in /etc/hosts, or your
> DNS, or resolver.

That's what I thought.  I've checked everywhere I can think of.  The
only Kerberos DNS entry I have now is:

kerberos	IN	CNAME	server
server		IN	A	192.168.0.1
ldap		IN	CNAME	server

My /etc/krb5.conf file has:

[defaults]
        default_realm = DOMAIN.COM

[realms]
        DOMAIN.COM = {
                kdc = kerberos.domain.com
                admin_server = kerberos.domain.com
        }

[domain_realm]
        .domain.com = DOMAIN.COM
        domain.com = DOMAIN.COM

/etc/hosts has just a localhost entry.

dig ldap.domain.com:

ldap.domain.com. 1800    IN      CNAME   server.domain.com.
server.domain.com. 1800  IN      A       192.84.78.42

dig kerberos.domain.com:

kerberos.domain.com. 1800 IN     CNAME   server.domain.com.
server.domain.com. 1800    IN      A       192.84.78.42

  It all seems to add up.  I can't find out where I've gone wrong.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:lewiz@fajita.org | jabber:lewiz@jabber.org | url:www.lewiz.org |-
