On 08/15/2016 08:05 PM, Rob Crittenden wrote:
> David Kowis wrote:
>> On 08/15/2016 04:33 AM, Petr Spacek wrote:
>>> This is weird as LDAP SASL & GSSAPI is pretty standard thing.
>>>
>>> In any case, you can check server logs or use tcpdump/wireshark and
>>> see if the error comes from LDAP server or if it is client side error.
>>>
>>> That would tell us where to focus.
>>>
>>
>> Welp, I've got a pile of logs for you:
>> https://gist.github.com/dkowis/a82d4ec6b1823d9e1b95ffcc94666ae0
>>
>> The last few lines are probably the relevant ones.
>>
>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
>> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97 nentries=0 etime=0
>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND
>> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1
>>
>>
>> Something tries to bind with no dn, and then fails.... I think?
> 
> No this is typical logging for GSSAPI (minus the error).
> 
> The error code is LDAP_AUTH_METHOD_NOT_SUPPORTED. Do you have the cyrus
> SASL GSSAPI package installed? In Fedora the package is cyrus-sasl-gssapi.
> 
> rob


searched for gssapi:

libsasl2-modules-gssapi-mit/xenial,now 2.1.26.dfsg1-14build1 i386 [installed,automatic]
  Cyrus SASL - pluggable authentication modules (GSSAPI)


Pretty sure that's the equivalent package on Ubuntu

# dpkg -L libsasl2-modules-gssapi-mit
/.
/usr
/usr/lib
/usr/lib/i386-linux-gnu
/usr/lib/i386-linux-gnu/sasl2
/usr/lib/i386-linux-gnu/sasl2/libscram.so.2.0.25
/usr/lib/i386-linux-gnu/sasl2/libgs2.so.2.0.25
/usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so.2.0.25
/usr/share
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/libsasl2-modules-gssapi-mit
/usr/share/doc
/usr/share/doc/libsasl2-modules-gssapi-mit
/usr/share/doc/libsasl2-modules-gssapi-mit/copyright
/usr/lib/i386-linux-gnu/sasl2/libgs2.so.2
/usr/lib/i386-linux-gnu/sasl2/libscram.so
/usr/lib/i386-linux-gnu/sasl2/libgs2.so
/usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so.2
/usr/lib/i386-linux-gnu/sasl2/libscram.so.2
/usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so
/usr/share/doc/libsasl2-modules-gssapi-mit/changelog.Debian.gz
/usr/share/doc/libsasl2-modules-gssapi-mit/NEWS.Debian.gz

python-gssapi is also installed.


--
David Kowis


PS: Sorry Rob for sending it directly, I derped in the mail client


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
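
Added example, not part of the original thread: a small Python parser that pairs each SASL BIND in a 389-ds access log with its RESULT by conn/op and reports the binds that failed, such as the err=7 above. The conn=1308 lines are a constructed successful bind for contrast, and the function names are this example's own.

```python
import re

# Constructed sample: conn=1307 mirrors the excerpt quoted in the thread (unwrapped);
# conn=1308 is an invented two-step GSSAPI bind that succeeds.
SAMPLE_LOG = """\
[15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97 nentries=0 etime=0
[15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND
[15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1
[15/Aug/2016:18:13:10 -0500] conn=1308 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[15/Aug/2016:18:13:10 -0500] conn=1308 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[15/Aug/2016:18:13:10 -0500] conn=1308 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[15/Aug/2016:18:13:10 -0500] conn=1308 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=example,dc=test"
"""

# LDAP result codes from RFC 4511 that matter when triaging bind failures.
LDAP_RESULT = {0: "success", 7: "authMethodNotSupported", 8: "strongerAuthRequired",
               14: "saslBindInProgress", 48: "inappropriateAuthentication",
               49: "invalidCredentials"}

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$')
BIND = re.compile(r'^BIND dn="[^"]*" method=(?P<method>\S+) version=\d+(?: mech=(?P<mech>\S+))?')
RESULT = re.compile(r'^RESULT err=(?P<err>\d+)')

def sasl_bind_outcomes(log_text):
    """Pair every SASL BIND with the RESULT that shares its (conn, op)."""
    pending, outcomes = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an access-log record (wrapped or truncated line)
        key = (int(m["conn"]), int(m["op"]))
        b = BIND.match(m["rest"])
        if b and b["method"] == "sasl":
            pending[key] = {"ts": m["ts"], "conn": key[0], "op": key[1], "mech": b["mech"]}
            continue
        r = RESULT.match(m["rest"])
        if r and key in pending:
            rec = pending.pop(key)
            rec["err"] = int(r["err"])
            rec["meaning"] = LDAP_RESULT.get(rec["err"], "other")
            outcomes.append(rec)
    return outcomes

def failed_binds(outcomes):
    """Exclude success (0) and the intermediate saslBindInProgress step (14)."""
    return [o for o in outcomes if o["err"] not in (0, 14)]

if __name__ == "__main__":
    for o in failed_binds(sasl_bind_outcomes(SAMPLE_LOG)):
        print(f'{o["ts"]} conn={o["conn"]} op={o["op"]} mech={o["mech"]} err={o["err"]} ({o["meaning"]})')
```

An err=7 returned on op=0, before any saslBindInProgress step, means the server rejected the mechanism itself rather than the credentials.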
