# ldapclient mod -a authenticationMethod=sasl/GSSAPI -a credentialLevel=self start: Error: sasl/GSSAPI bind is not working. Abort. Error resetting system. Recovering old system settings. Error (1) while starting services during reset
# svcs -xv svc:/network/ldap/client:default (LDAP client) State: maintenance since Wed Feb 24 14:37:24 2010 Reason: Restarting too quickly. See: http://sun.com/msg/SMF-8000-L5 See: man -M /usr/share/man -s 1M ldap_cachemgr See: /var/svc/log/network-ldap-client:default.log Impact: This service is not running. # tail /var/ldap/cachemgr.log Wed Feb 24 14:37:23.5542 Error: Unable to refresh profile:default:Session error no available conn. Wed Feb 24 14:37:23.5543 Error: Unable to update from profile Wed Feb 24 14:37:23.5545 Error: Check on self credential prerquesites failed: 4 Wed Feb 24 14:37:23.6081 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log Wed Feb 24 14:37:23.6647 sig_ok_to_exit(): parent exiting... Wed Feb 24 14:37:23.7005 Error: Unable to refresh profile:default:Session error no available conn. Wed Feb 24 14:37:23.7005 Error: Unable to update from profile Wed Feb 24 14:37:23.7007 Error: Check on self credential prerquesites failed: 4 On Wed, Feb 24, 2010 at 2:08 PM, Piotr Jasiukajtis <estseg at gmail.com> wrote: > Hi, > > I'm not sure it's a right alias, however it's related to the GSSAPI. > > I have a snv_129 kerberos+ldap client machine. Kerberos is already > configured. KDC is running on Linux. > > Original nss_ldap library is replaced with nss-ldap from > http://freeipa.org/downloads/solaris/nss_ldap/10/RHATnss-ldap-253-12.i386.pkg > > LDAP client is already configured with NS_LDAP_AUTH= none > What I would like to do is to change authenticationMethod to sasl/GSSAPI. > > # ldapclient mod -a authenticationMethod=sasl/GSSAPI > Error resetting system. > Recovering old system settings. > > # tail /var/ldap/cachemgr.log > Wed Feb 24 13:53:23.9601 ? ? ? ?Error: Unable to read > '/var/ldap/ldap_client_file': Configuration Error: Authentication > method sasl/GSSAPI requires credential level self > Wed Feb 24 13:53:23.9608 ? ? ? ?detachfromtty(): child failed (rc = 255). > Wed Feb 24 13:53:24.0026 ? ? ? ?Starting ldap_cachemgr, logfile > /var/ldap/cachemgr.log > Wed Feb 24 13:53:24.0043 ? ? ? ?Error: Unable to read > '/var/ldap/ldap_client_file': Configuration Error: Authentication > method sasl/GSSAPI requires credential level self > Wed Feb 24 13:53:24.0050 ? ? ? ?detachfromtty(): child failed (rc = 255). > Wed Feb 24 13:53:24.0428 ? ? ? ?Starting ldap_cachemgr, logfile > /var/ldap/cachemgr.log > Wed Feb 24 13:53:24.0445 ? ? ? ?Error: Unable to read > '/var/ldap/ldap_client_file': Configuration Error: Authentication > method sasl/GSSAPI requires credential level self > Wed Feb 24 13:53:24.0451 ? ? ? ?detachfromtty(): child failed (rc = 255). > Wed Feb 24 13:53:24.7556 ? ? ? ?Starting ldap_cachemgr, logfile > /var/ldap/cachemgr.log > Wed Feb 24 13:53:24.7698 ? ? ? ?sig_ok_to_exit(): parent exiting... > > > -- > Piotr Jasiukajtis | estibi | SCA OS0072 > http://estseg.blogspot.com > -- Piotr Jasiukajtis | estibi | SCA OS0072 http://estseg.blogspot.com
