I remember having tested GSSAPI authentication on Solaris with OpenLDAP tools (ldapsearch) and Sun DS tools on Solaris.
Error 49 is returned by the server, as well as the additional message.
You can enable the TRACE error level to get more information about the SASL exchanges.
But the error is really coming from the Kerberos library under GSS.
I have no knowledge of how to troubleshoot this.
This turned out to be a keytab problem. I had to force the enctype on the ldap/fqdn principal keytab to be des-cbc-crc before it would work. I'm not sure if any other stronger ones would work, but at least that one does.
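Added example, not part of the thread: a check of which enctypes a service principal's keys in a keytab carry, which is the property the reply above had to change. It assumes MIT-style `klist -ke` output; the sample listing, host name and realm are constructed, and `keytab_enctypes` and `only_single_des` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of MIT-style `klist -ke` output (not taken from the thread).
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 ldap/ds.example.com@EXAMPLE.COM (des-cbc-crc)
   3 host/ds.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   3 host/ds.example.com@EXAMPLE.COM (des3-cbc-sha1)
EOF
}

# keytab_enctypes SERVICE
# Reads `klist -ke` text on stdin and prints one "kvno enctype" line for
# every key whose principal starts with SERVICE/ (for example ldap/).
keytab_enctypes() {
    awk -v svc="$1/" '
        $1 ~ /^[0-9]+$/ && index($2, svc) == 1 {
            e = $NF
            gsub(/[()]/, "", e)          # "(des-cbc-crc)" -> "des-cbc-crc"
            sub(/^DEPRECATED:/, "", e)   # prefix some klist builds print for weak enctypes
            print $1, e
        }'
}

# only_single_des SERVICE
# Exit status 0 when SERVICE has at least one key and every key is single DES
# (des-cbc-crc, des-cbc-md5, ...), i.e. no stronger enctype is available for
# that principal. des3-* and aes* count as "other".
only_single_des() {
    keytab_enctypes "$1" | awk '
        { n++; if ($2 !~ /^des-/) other++ }
        END { exit !(n > 0 && other == 0) }'
}

# Demo on the constructed sample. Against a real keytab, pipe
# `klist -ke <keytab path>` into the same functions instead.
sample_klist | keytab_enctypes ldap
if sample_klist | only_single_des ldap; then
    echo "ldap/ principal has single-DES keys only"
fi
```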
I have a problem connecting to a DS 5.2 server using SASL GSSAPI from an OpenLDAP client.
I have configured GSSAPI identity mappings on the DS and have the KDC running on the same Solaris machine.
When I do an ldapsearch from the OpenLDAP client, I get the following error:
ldapsearch -h 10.7.30.16 -Y GSSAPI -U tester1
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (Ticket expired)
Do I need to configure anything else on the client side (OpenLDAP client on the Linux machine)? Can you please give me the steps to make this work?