This is a continuation of a problem I have been having. Samba 4 has recently changed to require binds. I need LDAP to verify users exist. I am using Kerberos (GSSAPI) as the passdb. Samba can handle GSSAPI/Kerberos SASL binds.
I have the following in my dovecot-ldap setup for userdb: dn = smtp/mailhost.example....@example.org sasl_bind = yes sasl_mech = GSSAPI sasl_realm = EXAMPLE.ORG sasl_authz_id = smtp/mailhost.example....@example.org Which gives me the following error. Debug: ldap(trever): user search: base=dc=example,dc=org scope=subtree filter=(&(objectClass=person)(|(mail=trever)(sAMAccountName=trever)(userPrincipalName=trever))) fields=userPrincipalName dovecot: auth: Error: LDAP: binding failed (dn smtp/mailhost.example....@example.org): Local error, SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_97' not found) Additionally, I have "auth_krb5_keytab = /etc/dovecot/krb5.keytab" setup for the GSSAPI user login. The credential cache should be that file should it not? If not, how do I go about setting that up so that it will work. Thank you, Trever -- "The only true happiness comes from squandering ourselves for a purpose." -- William Cowper
signature.asc
Description: OpenPGP digital signature