Cannot connect LDAP to Kerberos - Kerberos

  1. Cannot connect LDAP to Kerberos

    I'm trying to set up my ldap directory to use kerberos passwords. I have
    compiled openldap with --with-kpasswd, added the principal
    ldap/iceage.sg.org.br@SG.ORG.BR to kerberos. Also, I have prepared the user
    entries in LDAP with these fields (in addition to other ones):

    objectClass: krb5Principal
    krb5PrincipalName: diego@SG.ORG.BR
    cn: Diego Lima
    userPassword: {KERBEROS}diego@SG.ORG.BR


    I could contact the server using:
    ldapsearch -H ldap://iceage.sg.org.br/ -x -b "" -s base -LLL supportedSASLMechanisms

    and it returned

    dn:
    supportedSASLMechanisms: GSSAPI


    However when I try to use the kerberos database I get this error:

    iceage:/etc/ldap# ldapsearch -H ldap:/// -I -b "" -s base -LLL supportedSASLMechanisms
    SASL/GSSAPI authentication started
    SASL Interaction
    Please enter your authorization name: diego
    ldap_sasl_interactive_bind_s: Local error (-2)
    additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)

    Any ideas?
    Thanks!
    --
    Diego Lima
    http://sg.homelinux.com:81

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos



  2. Re: Cannot connect LDAP to Kerberos

    Quoting Diego Alencar Alves de Lima:

    > I'm trying to set up my ldap directory to use kerberos passwords. I have
    > compiled openldap with --with-kpasswd, added the principal
    > ldap/iceage.sg.org.br@SG.ORG.BR to kerberos. Also, I have prepared the user
    > entries in LDAP with these fields (in addition to other ones):
    >
    > objectClass: krb5Principal
    > krb5PrincipalName: diego@SG.ORG.BR
    > cn: Diego Lima
    > userPassword: {KERBEROS}diego@SG.ORG.BR


    This has been deprecated for quite some time now. Nowadays you use
    {SASL}. Make sure to install saslauthd from Cyrus SASL (start it with
    '-a kerberos5')...

    > supportedSASLMechanisms: GSSAPI


    That's {SASL}...
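The reply's advice applied to a directory export, as an added example that is not part of the thread: this Python script finds userPassword values that still use {KERBEROS} and emits ldapmodify input swapping each for the {SASL} form. The DNs, sample LDIF and function names are constructed for illustration, and it assumes ASCII DNs and principals.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.+)$")

# Constructed sample export (not data from the thread). The second entry
# carries its userPassword base64-encoded ("::"), as LDIF dumps often do.
_B64 = base64.b64encode(b"{KERBEROS}alice@SG.ORG.BR").decode()
SAMPLE_LDIF = (
    "dn: uid=diego,ou=people,dc=example,dc=org\n"
    "userPassword: {KERBEROS}diego@SG.ORG.BR\n"
    "\ndn: uid=alice,ou=people,dc=example,dc=org\n"
    "userPassword:: " + _B64 +
    "\n\ndn: uid=bob,ou=people,dc=example,dc=org\n"
    "userPassword: {SSHA}constructedHashValue\n"
)

def find_kerberos_scheme(ldif_text):
    """Return [(dn, old_value)] for userPassword values using {KERBEROS}."""
    hits = []
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    for entry in re.split(r"\n\s*\n", unfolded.strip()):
        dn = None
        for line in entry.splitlines():
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: xxx" is a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            value = value.strip()
            if attr.lower() == "dn":
                dn = value
            match = SCHEME_RE.match(value) if attr.lower() == "userpassword" else None
            if match and match.group(1).upper() == "KERBEROS":
                hits.append((dn, value))
    return hits

def to_sasl_modify_ldif(hits):
    """Build ldapmodify input that deletes each old value and adds {SASL}<principal>.
    Deleting by exact value leaves any other userPassword values untouched."""
    return "\n".join(
        f"dn: {dn}\nchangetype: modify\n"
        f"delete: userPassword\nuserPassword: {old}\n-\n"
        f"add: userPassword\nuserPassword: {{SASL}}{old.split('}', 1)[1]}\n"
        for dn, old in hits)

if __name__ == "__main__":
    print(to_sasl_modify_ldif(find_kerberos_scheme(SAMPLE_LDIF)))
```

Review the generated LDIF before feeding it to ldapmodify; entries using other schemes, such as the {SSHA} one in the sample, are left alone.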

