Hi Clément, yep, I know that and it works. But the problem is that this is the only client where I get this behaviour with ldapsearch and I'd like to understand why.

The real problem I have behind this is that I saw that, to have user authentication over ldap working, I have to DEACTIVATE TLS for ldap queries: even for a very internal machine, I really don't want to leave the configuration like that. Here is what makes it work:

nsswitch.conf :
passwd: files ldap

/etc/ldap.conf
...
#ssl start_tls
#tls_cacertdir /etc/openldap/cacerts
...

I can't leave things like this.

---
Olivier

2015-10-22 18:09 GMT+02:00 Clément OUDOT <[email protected]>:

> On 22/10/2015 17:59, Olivier wrote:
>
>> Hello everyone,
>>
>> authentication over ldap doesn't work on one of my linux boxes. Trying to
>> query the ldap server from this machine with ldapsearch, I get this:
>>
>> $ ldapsearch -ZZZ -h ldap1.example:389 -D uid=olivier,dc=example,dc=fr
>> -b dc=example,dc=fr -W
>> Enter LDAP Password:
>> SASL/GSSAPI authentication started
>> ldap_sasl_interactive_bind_s: Local error (-2)
>> additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified
>> GSS failure. Minor code may provide more information (No credentials cache
>> found)
>>
>> Do you know why ldapsearch tries to authenticate using GSSAPI?
>>
>> I don't use such a mechanism (nor kerberos) and I don't remember that I
>> configured any such thing.
>>
>> Any idea to deactivate the attempt to use GSSAPI to authenticate?
>>
>> (note: the ldap client is a linux redhat5)
>>
>
> Hi Olivier,
>
> use -x for simple authentication.
>
>
> --
> Clément OUDOT
> Free software consultant, infrastructure and security expert
> Savoir-faire Linux
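
An added example, not part of the thread and not code from either poster: a shell check that reports whether an nss_ldap-style /etc/ldap.conf, like the one quoted in the message above, leaves LDAP queries unencrypted. The function names, status labels and sample file contents are constructed for illustration; the check only reads the file and does not contact the server or validate certificates.

```shell
#!/bin/sh
# Added example: classify transport security of an nss_ldap/pam_ldap style
# ldap.conf. Commented-out directives (as in the post) count as unset.

# Print the value of the last active (uncommented) occurrence of a directive.
active_value() {  # $1 = directive name (lowercase), $2 = config file
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }
    ' "$2"
}

# Echo one of: starttls, starttls-no-ca, ldaps, plaintext
# (status labels are hypothetical, chosen for this example).
ldap_transport_status() {  # $1 = config file
    conf=$1
    ssl=$(active_value ssl "$conf" | tr 'A-Z' 'a-z')
    uri=$(active_value uri "$conf" | tr 'A-Z' 'a-z')
    cadir=$(active_value tls_cacertdir "$conf")
    cafile=$(active_value tls_cacertfile "$conf")

    case "$ssl" in
        start_tls)
            # StartTLS requested; a CA directory or file should be set too.
            if [ -n "$cadir$cafile" ]; then echo starttls
            else echo starttls-no-ca; fi ;;
        on) echo ldaps ;;
        *)
            case "$uri" in
                *ldaps://*) echo ldaps ;;
                *) echo plaintext ;;   # binds and passwords cross the wire in clear
            esac ;;
    esac
}

# Constructed samples: the two directives as quoted in the post (commented
# out), and the same two directives active.
sample_disabled() {
    printf '%s\n' '#ssl start_tls' '#tls_cacertdir /etc/openldap/cacerts'
}
sample_enabled() {
    printf '%s\n' 'ssl start_tls' 'tls_cacertdir /etc/openldap/cacerts'
}

# Stand-alone use: sh check.sh /etc/ldap.conf
if [ $# -gt 0 ]; then ldap_transport_status "$1"; fi
```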
