Hi,

I have REALM.A and REALM.B in my KDC setup. There is a two-way trust between REALM.A and REALM.B. I have a client computer on REALM.A, and can correctly kinit to get tickets from both realms via this trust pathway.

I also have an OpenLDAP server on the server with REALM.B, and it is identified by ldap/[email protected]. When I obtain a ticket on REALM.A via this , and try to execute a SASL bind to the LDAP server, I get an error of:

    SASL/GSSAPI authentication started
    ldap_err2string ldap_sasl_interactive_bind_s: Local error (-2)

It says that Minor code may provide more information (Server ldap/[email protected] not found in Kerberos database).

A user from REALM.B can access the LDAP server correctly with GSSAPI. klist shows that I am getting a TGT for both REALM.A and REALM.B on my [email protected].

Is this an issue with Kerberos being unable to find the ticket across the realm trust for LDAP to be verified? What steps can I follow to help fix this issue? Are there principal flags that I am forgetting to add to my LDAP principal for this to work?

Your help is appreciated.

William Brown
pgp.mit.edu
