I've been using OI for a while with a lot of success but have hit an issue and can't find anything useful to resolve it searching the web.
I'm using the dev branch of OI and as of today checked it's up to date (OI_151a9). I'm trying to follow the recipe in the OI wiki to set up Kerberos and LDAP (http://wiki.openindiana.org/oi/Kerberos+and+LDAP) to allow authentication to an MS AD server. The setup seems to go off without a hitch, but when I try to test the setup things don't work. So for example:

Kerberos auth is working

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting     Expires            Service principal
15/04/2014 11:07   15/04/2014 21:07   krbtgt/[email protected]
        renew until 22/04/2014 11:07
15/04/2014 11:09   15/04/2014 21:07   ldap/[email protected]
        renew until 22/04/2014 11:07

LDAP query w/ kerberos auth works but produces a seg fault

# ldapsearch -h fs01.watsons.local -b "dc=watsons,dc=local" -o mech=gssapi -o authzid="" -d 1 "uid=Administrator"
compile with -DLDAP_DEBUG for debugging
version: 1
dn: CN=Administrator,CN=Users,DC=watsons,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
distinguishedName: CN=Administrator,CN=Users,DC=watsons,DC=local
instanceType: 4
whenCreated: 20031108180624.0Z
whenChanged: 20140415012217.0Z
displayName: Administrator
.....
msExchUserAccountControl: 0
msExchMailboxGuid:: aykgaS8SGEKzSPVbDNSENg==
msExchPoliciesIncluded: {28BE0CBA-B6B1-4A13-8443-DA6FBE724DB6},{26491CFC-9E50-
 4857-861B-0CB8DF22B5D7}
Segmentation Fault (core dumped)

The ldapclient setup is nearly identical to the wiki recipe. I've included and excluded serviceSearchDescriptor attribute(s) with the same results as above.

# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= fs01.watsons.local
NS_LDAP_SEARCH_BASEDN= dc=watsons,dc=local
NS_LDAP_AUTH= sasl/GSSAPI
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= self
NS_LDAP_ATTRIBUTEMAP= passwd:homedirectory=unixHomeDirectory
NS_LDAP_ATTRIBUTEMAP= passwd:gecos=cn
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=user
NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=user
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=group

# ldaplist -l passwd Administrator
ldaplist: Object not found

In /var/adm/messages I get the following several times:

Apr 15 12:08:20 nas1 nscd[15265]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: Session error no available conn.
Apr 15 12:08:21 nas1 nscd[15265]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: openConnection: GSSAPI bind failed - 82 Local error

In my searching, I can't find anyone having this issue. Does anyone have any ideas how to approach this to get it working?

Thanks!

--
Scott LeFevre
