David Kowis wrote:
On 08/15/2016 04:33 AM, Petr Spacek wrote:
This is weird as LDAP SASL & GSSAPI is pretty standard thing.

In any case, you can check server logs or use tcpdump/wireshark and see if the
error somes from LDAP server or if it is client side error.

That would tell us where to focus.

Welp, I've got a pile of logs for you:

The last few lines are probably the relevant ones.

[15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl
version=3 mech=GSSAPI
[15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97
nentries=0 etime=0
[15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND
[15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1

Something tries to bind with no dn, and then fails.... I think?

No this is typical logging for GSSAPI (minus the error).

The error code is LDAP_AUTH_METHOD_NOT_SUPPORTED. Do you have the cyrus SASL GSSAPI package installed? In Fedora the package is cyrus-sasl-gssapi.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to