[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP config problem with GSSAPI: No such file or directory

To: openldap-software@openldap.org
Subject: Re: LDAP config problem with GSSAPI: No such file or directory
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Thu, 17 Jan 2008 14:46:15 +0200
Cc: Listbox <listbox@hymerfania.com>
Content-disposition: inline
In-reply-to: <00e301c8586b$cc53ad40$1100a8c0@hymesruzicka.org>
References: <003c01c857c9$42eb9ec0$1100a8c0@hymesruzicka.org> <BAY124-W492B10C657ACC7CFF2D804B4400@phx.gbl> <00e301c8586b$cc53ad40$1100a8c0@hymesruzicka.org>
User-agent: KMail/1.9.7

On Wednesday 16 January 2008 20:15:36 Listbox wrote:
> Yes, I can kinit,
> I already tried making /etc/krb5.keytab world readable, it did not change
> the "No such file" error. However, should it be owned by root or my slapd
> user?
> [root@trixter ~]# ll /etc/krb5.keytab
> -rw-r--r-- 1 root root 712 2008-01-15 13:00 /etc/krb5.keytab
>
> The logs I check are /var/log/messages  slapd and krb5kdc.log. The logs do
> not show the ldap client error. I DID see some SELINUX errors for
> krb5kdc_rcache and krb5.conf, but I ran restorecon and fixed those. This
> did not stop the error. I guess I'll try turning SELINUX off, and see if
> that makes any difference.
>
> BTW: Here's the command with debug on:
>
> [installer@trixter ~]$  ldapwhoami -V -d 1 -Y GSSAPI
> ldapwhoami: @(#) $OpenLDAP: ldapwhoami 2.3.34 (Nov  2 2007 08:16:20) $
>
> kojibuilder@xenbuilder2.fedora.redhat.com:/builddir/build/BUILD/openldap-2.
>3 .34/openldap-2.3.34/build-clients/clients/tools
>         (LDAP library: OpenLDAP 20333)

[...]

> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-1): generic failure: GSSAPI Error:
> Unspecified GSS failure.  Minor code may provide more information (No such
> file or directory)

The "Minor code" error message comes from the GSSAPI layer, the best place to 
look for information on this is in your kdc log file. While you won't see a 
client error, you may see requests for unexpected tickets etc., which would 
require you to fix configuration of non-LDAP issues (e.g. reverse DNS lookups 
etc.).

Regards,
Buchan

References:
- LDAP config problem with GSSAPI: No such file or directory
  - From: "Listbox" <listbox@hymerfania.com>
- RE: LDAP config problem with GSSAPI: No such file or directory
  - From: Amir Saad <eng__amir@hotmail.com>
- RE: LDAP config problem with GSSAPI: No such file or directory
  - From: "Listbox" <listbox@hymerfania.com>

Prev by Date: Re: Berkeley DB, What's the recommended version?
Next by Date: Re: ldap_tls call failed: Can't contact LDAP server
Index(es):
- Chronological
- Thread