ldapsearch using GSSAPI failed to run from other machine ...



Hello all,

I finally got "openldap-2.2.5 + cyrus-sasl-2.1.23 + krb5-1.6.3"
running on my AS5_64 machine. But now I can only do ldapsearch with
GSSAPI on the same machine where slapd and the rest of the suite are
running; if I ran it from another machine, it failed with
(Unknown code krb5 7). Of course, simple auth worked well.

This is a dummy question. I am new to SASL + krb5 with LDAP. Can
anyone kindly tell me how to make ldapsearch work from another
machine? E.g., what kind of setup/procedure should I do on the other
machine before I can do ldapsearch with GSSAPI effectively?

FYI, on the other machine, I had the same version of
"cyrus+krb5+openldap" installed, so I think "ldapsearch" links to
enough libraries to do SASL.

Output when run on the other machine
=============================
/tmp_proj/cyrus-sasl-2.1.23/sample>ldapsearch -h 10.230.34.88 -p 9001
-Y gssapi -U admin  -b "sn=admin,ou=People,o=Acme" '(objectclass=*)'
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure.  Minor code may provide more information
(Unknown code krb5 7)


Run on the same machine, it seems to work.
=======================
/tmp_proj/test/cyrus-sasl-2.1.23/sample>kinit lablogin
Password for lablogin@IC.ACME.COM:

/tmp_proj/test/cyrus-sasl-2.1.23/sample>ldapsearch -h 10.230.34.88 -p
9001 -Y gssapi -U admina@iclab062.ic.acme.com -b
"sn=admin,ou=People,o=Acme" '(objectclass=*)'
SASL/GSSAPI authentication started
SASL username: lablogin@IC.ACME.COM
SASL SSF: 56
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <sn=admin,ou=People,o=Acme> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# admin, People, Acme
dn: sn=admin,ou=People,o=Acme
objectClass: top
objectClass: person
objectClass: organizationalPerson
userPassword:: e1NTSEF9bGZMNXZNNFR1T1VrSm51eVk3RGJWODJFUUpvYVRNWWY=
cn: Administrator
sn: admin

# search result
search: 4
result: 0 Success

# numResponses: 2
# numEntries: 1