[Freeipa-users] buggered 389?

Sumit Bose sbose at redhat.com
Thu Nov 20 09:07:30 UTC 2014


On Wed, Nov 19, 2014 at 09:55:51PM -0500, Richard Betel wrote:
> I suddenly started getting errors when I try to use ipa-getkeytab:
> 
> [root at ipa1 kerberize]# ipa-getkeytab -s jn01 -p hdfs/jn01 -k jn01.hdfs.keytab
> SASL Bind failed Can't contact LDAP server (-1) !

Please try to use the fully qualified name of the server.

> 
> ldap seems to be answering on the non-SASL port (ie: ldapsearch -x -h
> localhost CN=richard works fine) but if I don't use the -x, I get:
> ldapsearch  -h localhost CN=richard
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:

As Alexander educated me, this is expected because SASL/EXTERNAL is only
used for the ldapi connection scheme. Please try to use the fully
qualified server name and '-Y GSSAPI' with ldapsearch.

HTH

bye,
Sumit

> 
> 
> I'm kinda at a loss for how to debug this. I'm not really finding any
> errors in the dirsrv logs, just a warning that my DB is bigger than the
> cache. I'd appreciate some ideas on where to look.
