SASL authentication
Michael Ströder
michael at stroeder.com
Mon Mar 16 07:17:45 EDT 2009
Xu, Qiang (FXSGSC) wrote:
>
> I am trying to do LDAP SASL binding to ADS in Windows 2003 server, which is where KDC resides at the same time.
>
> Unfortunately, an error is confusing me:
> ==============================================
> <apManager> (Fri Mar 13 2009 13:34:19.846) <p8124,t3078597536,aba_ldap_interface.c,2373>
> INFO>> SASL Login
> <apManager> (Fri Mar 13 2009 13:35:07.089) <p8124,t3078597536,aba_ldap_interface.c,2388>
> INFO>> SASL LDAP BIND with GSSAPI: Value of ldapStatus 82
> <apManager> (Fri Mar 13 2009 13:35:07.089) <p8124,t3078597536,aba_ldap_interface.c,2459>
> ERROR>> LDAP BIND: Value of ldap failure status and text 82 Local error
> ==============================================
> Using klist, it is verified that a Kerberos ticket exists and has not expired. Besides this, what else should be done at the server's end, or at the client's end? Any set-up issue? (the client has SASL library and its GSSAPI plugin in place, already)
Try with obtaining the TGT with 'kinit -A <principal>'. I vaguely
remember that this solved some problems for me.
Ciao, Michael.
More information about the Kerberos
mailing list