I just have openDS installed, openLDAP is not used here... Any other hint?
:) Thanks On Tue, Feb 21, 2012 at 12:33 PM, nudge <[email protected]> wrote: > Just a thought, have you tried this comamnd (before and after running > kinit): > > ldapwhoami -v -d 5 > > It should provide more info on what's happening. > > > On Tue, Feb 21, 2012, at 11:23 AM, Tiago Elvas wrote: > > Thanks for you answer Tom. > > > > I added that principal and changed all principals and entries in the > > keytabs to have the fqn as in hostname.domain.com. > > > > Authenticating as principal kerberos-test/[email protected] with > > password. > > *kadmin.local: getprincs* > > K/[email protected] > > host/[email protected] > > kadmin/[email protected] > > kadmin/[email protected] > > kadmin/[email protected] > > [email protected] > > krbtgt/[email protected] > > ldap/[email protected] > > root/[email protected] > > > > > > I now have this error: > > > > *# ldapsearch -h ldapserver.mydomain.com -p 389 -o mech=GSSAPI -o > > authid=" > > [email protected]" -b "dc=example,dc=com" -s base > > "(objectClass=*)" > > * > > Password for user '[email protected]': > > An error occurred while attempting to perform GSSAPI authentication to > > the > > Directory Server: PrivilegedActionException(null:-2) > > Result Code: 82 (Local Error) > > > > *And in /var/log/krb5kdc.log* > > Feb 20 20:01:09 ldapserver krb5kdc[15295](info): AS_REQ (5 etypes {3 1 23 > > 16 17}) 172.23.14.210: ISSUE: authtime 1329764469, etypes {rep=23 tkt=18 > > ses=23}, [email protected] for krbtgt/[email protected] > > Feb 20 20:01:10 ldapserver krb5kdc[15295](info): TGS_REQ (5 etypes {3 1 > > 23 > > 16 17}) 172.23.14.210: NO PREAUTH: authtime 0, > > [email protected] for > > ldap/[email protected], Generic error (see e-text) > > > > > > Still no clue on this.. > > > > Thanks again, > > Tiago > > > > On Mon, Feb 20, 2012 at 7:50 PM, Tom Yu <[email protected]> wrote: > > > > > Tiago Elvas <[email protected]> writes: > > > > > > > *And This is the log in /var/log/krb5kdc.log* > > > > Feb 20 19:26:13 ldapserver krb5kdc[15295](info): AS_REQ (5 etypes {3 > 1 23 > > > > 16 17}) 172.23.14.210: ISSUE: authtime 1329762373, etypes {rep=23 > tkt=18 > > > > ses=23}, [email protected] for krbtgt/ > > > > MYDOMAIN.COM<http://mydomain.com/> > > > > @MYDOMAIN.COM <http://mydomain.com/> > > > > Feb 20 19:26:13 ldapserver krb5kdc[15295](info): TGS_REQ (5 etypes > {3 1 > > > 23 > > > > 16 17}) 172.23.14.210: UNKNOWN_SERVER: authtime 0, kerberos-test@ > > > > MYDOMAIN.COM <http://mydomain.com/> for ldap/ > > > > [email protected], Server not found in Kerberos > > > database > > > > > > You do not appear to have created a service principal > > > ldap/[email protected] > > > > > ________________________________________________ > > Kerberos mailing list [email protected] > > https://mailman.mit.edu/mailman/listinfo/kerberos > > > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
