[Freeipa-users] GSSAPI Failure
Kozlov
mackoel at gmail.com
Fri Nov 14 04:29:33 UTC 2008
Simo Sorce пишет:
> On Thu, 2008-11-13 at 17:03 +0300, Konstantin Kozlov wrote:
>> Unfortunately it doesn't change my situation.
>>
>> So is it the dead end?
>
> Have you done a kinit again after you changed it ?
> What does klist -f show you ?
>
Hello,
Thank you for not giving up Simo!
Here is the log:
[root at ipaserver ~]# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at EXAMPLE.COM
Valid starting Expires Service principal
11/13/08 16:54:34 11/14/08 16:54:30 krbtgt/EXAMPLE.COM at EXAMPLE.COM
Flags: FIA
11/13/08 16:54:55 11/14/08 16:54:30 HTTP/ipaserver.example.com at EXAMPLE.COM
Flags: FAT
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root at ipaserver ~]# ipa-finduser admin
Connection to database failed: Invalid credentials: SASL(-13):
authentication failure: GSSAPI Failure: gss_accept_sec_context
[root at ipaserver ~]# ldapsearch -Y GSSAPI -b "dc=bio,dc=spbcas,dc=ru" uid
admin
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
[root at ipaserver ~]# kdestroy
[root at ipaserver ~]# kinit admin
Password for admin at EXAMPLE.COM:
[root at ipaserver ~]# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at EXAMPLE.COM
Valid starting Expires Service principal
11/14/08 07:23:02 11/15/08 07:22:58 krbtgt/EXAMPLE.COM at EXAMPLE.COM
Flags: FIA
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root at ipaserver ~]# ipa-finduser admin
Connection to database failed: Invalid credentials: SASL(-13):
authentication failure: GSSAPI Failure: gss_accept_sec_context
[root at ipaserver ~]# ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid admin
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
Can it be a hardware related problem? The machine is rather old - HP
NetServer Pentium 3, 500 GHz, 512 MB.
Kostya
More information about the Freeipa-users
mailing list