Rich Megginson wrote: > Kashif Ali Siddiqui wrote: >> I am using Microsoft Server2003 SP1 Active Directory and want to do >> LDAP_SASL_BIND using GSSAPI mechanism (Kerberos5). I have setup an >> instance for Microsoft Server2003 and a Linux client machine with >> Mozilla LDAP 6.0.4 with Cyrus SASL libraries. I have a client code >> ready (code pasted in the above posting) and I am not able to get >> through the BIND call. It is consistently giving me error >> >> Bind Error [49]: Invalid credentials >> Bind Error [49]: additional info: 8009030B: LdapErr: DSID-0C09043E, >> comment: AcceptSecurityContext error, data 7a, vece >> >> By the way, I have successfully kinit the user credentials and they >> are fetched in the cache. Also after failed attempts of >> ldap_sasl_interactive_bind (ended with above error) I am still getting >> the service ticket as shown when I do klist.
In general for this to work you should ensure that all your system clocks are in sync, all systems involved have correct DNS A and PTR RRs (don't use CNAMEs), and attribute servicePrincipalName for the service account is correct. Ciao, Michael. _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
