[30872] in Kerberos
Re: SASL authentication
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Mon Mar 16 13:47:47 2009
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
Date: Mon, 16 Mar 2009 12:17:45 +0100
Message-ID: <p3p196-ukk.ln1@nb2.stroeder.com>
Mime-Version: 1.0
X-Complaints-To: usenet-abuse@t-online.de
In-Reply-To: <mailman.110.1237190641.14058.kerberos@mit.edu>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Xu, Qiang (FXSGSC) wrote:
>
> I am trying to do LDAP SASL binding to ADS in Windows 2003 server, which is where KDC resides at the same time.
>
> Unfortunately, an error is confusing me:
> ==============================================
> <apManager> (Fri Mar 13 2009 13:34:19.846) <p8124,t3078597536,aba_ldap_interface.c,2373>
> INFO>> SASL Login
> <apManager> (Fri Mar 13 2009 13:35:07.089) <p8124,t3078597536,aba_ldap_interface.c,2388>
> INFO>> SASL LDAP BIND with GSSAPI: Value of ldapStatus 82
> <apManager> (Fri Mar 13 2009 13:35:07.089) <p8124,t3078597536,aba_ldap_interface.c,2459>
> ERROR>> LDAP BIND: Value of ldap failure status and text 82 Local error
> ==============================================
> Using klist, it is verified that a Kerberos ticket exists and has not expired. Besides this, what else should be done at the server's end, or at the client's end? Any set-up issue? (the client has SASL library and its GSSAPI plugin in place, already)
Try with obtaining the TGT with 'kinit -A <principal>'. I vaguely
remember that this solved some problems for me.
Ciao, Michael.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
