On 08/15/2016 08:05 PM, Rob Crittenden wrote: > David Kowis wrote: >> On 08/15/2016 04:33 AM, Petr Spacek wrote: >>> This is weird as LDAP SASL & GSSAPI is pretty standard thing. >>> >>> In any case, you can check server logs or use tcpdump/wireshark and >>> see if the >>> error somes from LDAP server or if it is client side error. >>> >>> That would tell us where to focus. >>> >> >> Welp, I've got a pile of logs for you: >> https://gist.github.com/dkowis/a82d4ec6b1823d9e1b95ffcc94666ae0 >> >> The last few lines are probably the relevant ones. >> >> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl >> version=3 mech=GSSAPI >> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97 >> nentries=0 etime=0 >> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND >> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1 >> >> >> Something tries to bind with no dn, and then fails.... I think? > > No this is typical logging for GSSAPI (minus the error). > > The error code is LDAP_AUTH_METHOD_NOT_SUPPORTED. Do you have the cyrus > SASL GSSAPI package installed? In Fedora the package is cyrus-sasl-gssapi. > > rob
searched for gssapi: libsasl2-modules-gssapi-mit/xenial,now 2.1.26.dfsg1-14build1 i386 [installed,automatic] Cyrus SASL - pluggable authentication modules (GSSAPI) Pretty sure that's the equivalent package on ubuntu # dpkg -L libsasl2-modules-gssapi-mit /. /usr /usr/lib /usr/lib/i386-linux-gnu /usr/lib/i386-linux-gnu/sasl2 /usr/lib/i386-linux-gnu/sasl2/libscram.so.2.0.25 /usr/lib/i386-linux-gnu/sasl2/libgs2.so.2.0.25 /usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so.2.0.25 /usr/share /usr/share/lintian /usr/share/lintian/overrides /usr/share/lintian/overrides/libsasl2-modules-gssapi-mit /usr/share/doc /usr/share/doc/libsasl2-modules-gssapi-mit /usr/share/doc/libsasl2-modules-gssapi-mit/copyright /usr/lib/i386-linux-gnu/sasl2/libgs2.so.2 /usr/lib/i386-linux-gnu/sasl2/libscram.so /usr/lib/i386-linux-gnu/sasl2/libgs2.so /usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so.2 /usr/lib/i386-linux-gnu/sasl2/libscram.so.2 /usr/lib/i386-linux-gnu/sasl2/libgssapiv2.so /usr/share/doc/libsasl2-modules-gssapi-mit/changelog.Debian.gz /usr/share/doc/libsasl2-modules-gssapi-mit/NEWS.Debian.gz python-gssapi is also installed. -- David Kowis PS: Sorry Rob for sending it directly, I derped in the mail client
signature.asc
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
