On 08/15/2016 04:33 AM, Petr Spacek wrote: > This is weird as LDAP SASL & GSSAPI is pretty standard thing. > > In any case, you can check server logs or use tcpdump/wireshark and see if the > error somes from LDAP server or if it is client side error. > > That would tell us where to focus. >
Welp, I've got a pile of logs for you: https://gist.github.com/dkowis/a82d4ec6b1823d9e1b95ffcc94666ae0 The last few lines are probably the relevant ones. [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97 nentries=0 etime=0 [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1 Something tries to bind with no dn, and then fails.... I think? -- David Kowis
signature.asc
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
