[Freeipa-users] GSSAPI Failure

Dmitri Pal dpal at redhat.com
Wed Nov 12 15:15:59 UTC 2008


Konstantin Kozlov wrote:
> Hello,
>
> Rob Crittenden wrote:
> > Konstantin Kozlov wrote:
> >> Hello,
> >>
> >> So I ran out of ideas for where to look for errors. I've got the GSSAPI
> >> error with ipa tools and ldap tools.
> >>
> >> [root at ipaserver ~]# ipa-finduser admin
> >> Connection to database failed: Invalid credentials: SASL(-13):
> >> authentication failure: GSSAPI Failure: gss_accept_sec_context
> >>
> >> But the ipauser can login to ipaserver and ipaclient and get his home
> >> dir automounted.
> >>
> >> Is it a dead end?
> >
> > Ok, this error indicates that the kerberos auth to the XML-RPC server
> > worked but that it can't make a GSSAPI connection to the LDAP server.
> >
> > You can test this directly with:
> >
> > % ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin
> >
> >>
>
> This fails.
>

If this fails you should see a reason in the IPA server DS's access log. 
This might give a hint.


Thanks
Dmitri
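
One way to follow the advice above, as an added example that is not part of the original message: the script pairs each GSSAPI BIND line in the Directory Server access log with its RESULT line and reports the binds that failed. The sample lines are constructed, and the log layout and its usual location (`/var/log/dirsrv/slapd-INSTANCE/access`) are assumptions based on Fedora/389 Directory Server defaults.

```python
import re

# Constructed sample in the assumed 389 DS access-log layout (not from the thread).
SAMPLE_LOG = """\
[12/Nov/2008:15:10:01 +0000] conn=7 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[12/Nov/2008:15:10:01 +0000] conn=7 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[12/Nov/2008:15:10:01 +0000] conn=7 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[12/Nov/2008:15:10:02 +0000] conn=8 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[12/Nov/2008:15:10:02 +0000] conn=8 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[12/Nov/2008:15:10:02 +0000] conn=8 op=1 BIND dn="" method=sasl version=3 mech=GSSAPI
[12/Nov/2008:15:10:02 +0000] conn=8 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=example,dc=com"
[12/Nov/2008:15:10:03 +0000] conn=9 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[12/Nov/2008:15:10:03 +0000] conn=9 op=0 RESULT err=49 tag=97 nentries=0 etime=0
"""

OPENED = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ .*connection from (\S+) to")
EVENT = re.compile(r"^\[([^\]]+)\] conn=(\d+) op=(-?\d+) (BIND|RESULT) (.*)$")
IN_PROGRESS = 14  # LDAP saslBindInProgress: a normal intermediate GSSAPI step


def failed_gssapi_binds(lines):
    """Return (timestamp, conn, op, err, client) for each failed GSSAPI bind."""
    clients, pending, failures = {}, set(), []
    for line in lines:
        opened = OPENED.search(line)
        if opened:
            clients[opened.group(1)] = opened.group(2)  # remember the peer address
            continue
        event = EVENT.match(line)
        if not event:
            continue
        ts, conn, op, kind, rest = event.groups()
        if kind == "BIND":
            if "mech=GSSAPI" in rest.split():
                pending.add((conn, op))  # wait for the RESULT of this operation
        elif (conn, op) in pending:
            pending.discard((conn, op))
            err = re.search(r"\berr=(\d+)", rest)
            if err and int(err.group(1)) not in (0, IN_PROGRESS):
                failures.append((ts, int(conn), int(op), int(err.group(1)),
                                 clients.get(conn, "unknown")))
    return failures


if __name__ == "__main__":
    for failure in failed_gssapi_binds(SAMPLE_LOG.splitlines()):
        print("GSSAPI bind failed: time=%s conn=%d op=%d err=%d client=%s" % failure)
```

The timestamp and connection number it reports are what to look up in the server's errors log and the KDC log for the same moment.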
