SASL authentication

Michael Ströder michael at
Mon Mar 16 07:17:45 EDT 2009

Xu, Qiang (FXSGSC) wrote:
> I am trying to do LDAP SASL binding to ADS in Windows 2003 server, which is where KDC resides at the same time. 
> Unfortunately, an error is confusing me: 
> ==============================================
> <apManager> (Fri Mar 13 2009 13:34:19.846) <p8124,t3078597536,aba_ldap_interface.c,2373>
>      INFO>> SASL Login
> <apManager> (Fri Mar 13 2009 13:35:07.089) <p8124,t3078597536,aba_ldap_interface.c,2388>
>      INFO>> SASL LDAP BIND with GSSAPI: Value of ldapStatus 82 
> <apManager> (Fri Mar 13 2009 13:35:07.089) <p8124,t3078597536,aba_ldap_interface.c,2459>
>     ERROR>> LDAP BIND: Value of ldap failure status and text 82 Local error 
> ==============================================
> Using klist, it is verified that a Kerberos ticket exists and has not expired. Besides this, what else should be done at the server's end, or at the client's end? Any set-up issue? (the client has SASL library and its GSSAPI plugin in place, already)

Try with obtaining the TGT with 'kinit -A <principal>'. I vaguely
remember that this solved some problems for me.

Ciao, Michael.

More information about the Kerberos mailing list