ld handle getting corrupted after SASL/GSSAPI authentication in Active Directory 2003
Vikas Gandhi
vgandhi at quark.co.in
Mon May 31 11:45:55 EDT 2004
Directory Server: Active Directory 2003
OS: Windows 2003
Mozilla C-SDK: 1.4.1
Authentication Type: SASL/GSSAPI via MIT kfw 1.6.2 libraries.
Problems: After I get the Kerberos ticket, the ld handle gets corrupted and I get "Can't contact LDAP server".
Samples: I am running samples from ad.exe, available from the MS site.
LDAP service name: ldap at beetle
who=DC=QDMS,DC=CO,DC=IN==> client_establish_context
Sending init_sec_context token (size=1443)...
==> send_token
<== send_token
continue needed...
==> recv_token
<== recv_token
<== recv_token
Received token (size=134)...
Sending init_sec_context token (size=0)...
==> send_token
<== send_token
<== client_establish_context
==> negotiate_security_options
==> recv_token
<== recv_token
<== recv_token
Received token (size=50)...
Received security token level 7 size 160
Sending security token level 1 size 160
==> send_token
<== send_token
==> parse_bind_result
ldap_first_message
ldap_first_message::LDAP_RES_BIND
<== parse_bind_result
<== negotiate_security_options
after negotiate_security_options 0
goes inside
"mittest at QDMS.CO.IN" to "ldap/beetle.qdms.co.in at QDMS.CO.IN", lifetime
35942, flags 136, locally initiated, open
after ldap_gssapi_bind
before LDAP_MOD_REPLACE
ldap_modify_s: Can't contact LDAP server
ldap_modify_ext: Can't contact LDAP server
Can someone explain why this is happening?
Regards
Vikas