On Wed, 2009-01-21 at 10:36 +0100, Ondrej Valousek wrote:
> There is something rotten in lookup_ldap.c but I cannot put my
> finger on it.
> Things go bad in the lookup_init() function:
>   5   4.389459 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(1)
> "<ROOT>" sasl
>   6   4.390383 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(1)
> saslBindInProgress
>   7   4.390396 192.168.60.171 -> 192.168.60.172 TCP 39957 > ldap [ACK]
> Seq=27 Ack=218 Win=6912 Len=0 TSV=17330479 TSER=592592279
>   8   4.390846 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(2)
> "<ROOT>" sasl
>   9   4.392733 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(2) success
>  10   4.393095 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(3)
> "<ROOT>" sasl
>  11   4.394062 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(3)
> invalidCredentials (00090313: LdapErr: DSID-0C0904D1, comment:
> AcceptSecurityContext error, data 0, v1771)
>  12   4.394188 192.168.60.171 -> 192.168.60.172 LDAP unbindRequest(4)
> 
> Packets 8, 9 - we connect to the server to verify the authentication
> mechanism, but then we should drop the connection - line 1286 - call to
> ldap_unbind_connection(). But this never happens according to the
> tcpdump. Instead, another bind follows and fails. The question is now:
> 1. Why is there no unbindRequest packet? In general, I see 3 bind
> requests but only one unbindRequest....
> 2. Why does the second bindRequest fail while the first one succeeds?
> 
> I do not want to be too picky, but Windows Server 2008 is the first
> server OS from MS to support RFC2307 LDAP schema so I believe we should
> be able to connect to it. I have opened a case #1887566 with RedHat
> regarding this....

Have you tried GSSAPI? Doesn't Windows require Kerberos auth by default?
Are you sure that the Windows server is allowing simple binds (that was
what you wanted, right)?

Ian


_______________________________________________
autofs mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/autofs
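
Added example (not part of the original thread and not autofs code): a small parser for the tshark summary lines quoted above that groups multi-step SASL binds by LDAP message ID and counts unbinds. The trace is the quoted one with e-mail wrapping rejoined; the function name is hypothetical, and all frames are assumed to belong to one connection because the summary lines carry no ports for LDAP frames.

```python
import re

# Trace quoted in the thread, wrapped lines rejoined (sample input).
TRACE = """\
5   4.389459 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(1) "<ROOT>" sasl
6   4.390383 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(1) saslBindInProgress
7   4.390396 192.168.60.171 -> 192.168.60.172 TCP 39957 > ldap [ACK] Seq=27 Ack=218 Win=6912 Len=0 TSV=17330479 TSER=592592279
8   4.390846 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(2) "<ROOT>" sasl
9   4.392733 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(2) success
10   4.393095 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(3) "<ROOT>" sasl
11   4.394062 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(3) invalidCredentials (00090313: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 0, v1771)
12   4.394188 192.168.60.171 -> 192.168.60.172 LDAP unbindRequest(4)
"""

# frame number, LDAP operation, message ID, first token after the operation
LINE = re.compile(r"^\s*(\d+)\s+[\d.]+\s+\S+ -> \S+ LDAP (\w+)\((\d+)\)\s*(\S*)")

def bind_exchanges(trace):
    """Group bind request/response frames into exchanges.

    A bindResponse of saslBindInProgress keeps the exchange open, so the
    next bindRequest is a further step of the same SASL bind. Any other
    result code closes the exchange. Returns (exchanges, unbind_count).
    """
    exchanges, current, unbinds = [], None, 0
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an LDAP frame (e.g. the bare TCP ACK)
        frame, op, msgid, detail = int(m[1]), m[2], int(m[3]), m[4]
        if op == "bindRequest":
            if current is None:
                current = {"frames": [], "msgids": [], "result": None}
            current["frames"].append(frame)
            current["msgids"].append(msgid)
        elif op == "bindResponse" and current and msgid == current["msgids"][-1]:
            current["frames"].append(frame)
            if detail != "saslBindInProgress":
                current["result"] = detail
                exchanges.append(current)
                current = None
        elif op == "unbindRequest":
            unbinds += 1
    if current:
        exchanges.append(current)  # bind that never got a final response
    return exchanges, unbinds

if __name__ == "__main__":
    found, unbind_count = bind_exchanges(TRACE)
    for ex in found:
        print(f"frames {ex['frames']} msgids {ex['msgids']} -> {ex['result']}")
    print(f"unbindRequests: {unbind_count}")
```

On this trace the three bindRequest frames resolve to two bind exchanges: message IDs 1 and 2 form one SASL bind that succeeds, and message ID 3 starts a second bind that is rejected before the single unbindRequest.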
