Thanks for your answer, Tom. I added that principal and changed all principals and entries in the keytabs to have the fqn as in hostname.domain.com.

Authenticating as principal kerberos-test/[email protected] with password.
*kadmin.local: getprincs*
K/[email protected]
host/[email protected]
kadmin/[email protected]
kadmin/[email protected]
kadmin/[email protected]
[email protected]
krbtgt/[email protected]
ldap/[email protected]
root/[email protected]

I now have this error:

*# ldapsearch -h ldapserver.mydomain.com -p 389 -o mech=GSSAPI -o authid=" [email protected]" -b "dc=example,dc=com" -s base "(objectClass=*)"*
Password for user '[email protected]':
An error occurred while attempting to perform GSSAPI authentication to the Directory Server: PrivilegedActionException(null:-2)
Result Code: 82 (Local Error)

*And in /var/log/krb5kdc.log*
Feb 20 20:01:09 ldapserver krb5kdc[15295](info): AS_REQ (5 etypes {3 1 23 16 17}) 172.23.14.210: ISSUE: authtime 1329764469, etypes {rep=23 tkt=18 ses=23}, [email protected] for krbtgt/[email protected]
Feb 20 20:01:10 ldapserver krb5kdc[15295](info): TGS_REQ (5 etypes {3 1 23 16 17}) 172.23.14.210: NO PREAUTH: authtime 0, [email protected] for ldap/[email protected], Generic error (see e-text)

Still no clue on this..

Thanks again,
Tiago

On Mon, Feb 20, 2012 at 7:50 PM, Tom Yu <[email protected]> wrote:

> Tiago Elvas <[email protected]> writes:
>
> > *And This is the log in /var/log/krb5kdc.log*
> > Feb 20 19:26:13 ldapserver krb5kdc[15295](info): AS_REQ (5 etypes {3 1 23 16 17}) 172.23.14.210: ISSUE: authtime 1329762373, etypes {rep=23 tkt=18 ses=23}, [email protected] for krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
> > Feb 20 19:26:13 ldapserver krb5kdc[15295](info): TGS_REQ (5 etypes {3 1 23 16 17}) 172.23.14.210: UNKNOWN_SERVER: authtime 0, kerberos-test@MYDOMAIN.COM for ldap/[email protected], Server not found in Kerberos database
>
> You do not appear to have created a service principal
> ldap/[email protected]
>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
