On Wed, Nov 19, 2014 at 09:55:51PM -0500, Richard Betel wrote:
> I suddenly started getting errors when I try to use ipa-getkeytab:
>
> [root@ipa1 kerberize]# ipa-getkeytab -s jn01 -p hdfs/jn01 -k jn01.hdfs.keytab
> SASL Bind failed Can't contact LDAP server (-1) !

Please try to use the fully qualified name of the server.

>
> ldap seems to be answering on the non-SASL port (ie: ldapsearch -x -h
> localhost CN=richard works fine) but if I don't use the -x, I get:
> ldapsearch -h localhost CN=richard
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available:

As Alexander educated me, this is expected because SASL/EXTERNAL is only
used for the ldapi connection scheme. Please try to use the fully
qualified server name and '-Y GSSAPI' with ldapsearch.

HTH

bye,
Sumit

>
>
> I'm kinda at a loss for how to debug this. I'm not really finding any
> errors in the dirsrv logs, just a warning that my DB is bigger than the
> cache. I'd appreciate some ideas on where to look.

> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
