[Freeipa-users] buggered 389?

Thu Nov 20 15:30:51 UTC 2014

-Y GSSAPI fixed the ldap query. Thanks.

I figured out the problem with the ipa-getkeytab. In short, it was PEBKAC.
Thanks for the help.

On Thu, Nov 20, 2014 at 4:07 AM, Sumit Bose <sbose at redhat.com> wrote:

> On Wed, Nov 19, 2014 at 09:55:51PM -0500, Richard Betel wrote:
> > I suddenly started getting errors when I try to use ipa-getkeytab:
> >
> > [root at ipa1 kerberize]# ipa-getkeytab -s jn01 -p hdfs/jn01 -k
> > jn01.hdfs.keytab
> > SASL Bind failed Can't contact LDAP server (-1) !
>
> Please try to use the fully qualified name of the server.
>
> >
> > ldap seems to be answering on the non-SASL port (ei: ldapsearch -x -h
> > localhost CN=richard works fine) but if I don't use the -x, I get:
> > ldapsearch  -h localhost CN=richard
> > SASL/EXTERNAL authentication started
> > ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> > additional info: SASL(-4): no mechanism available:
>
> As Alexander educated me, this is expected because SASL/EXTERNAL is only
> used for the ldapi connection scheme. Please try to use the fully
> qualified server name and '-Y GSSAPI' with ldapsearch.
>
> HTH
>
> bye,
> Sumit
>
> >
> >
> > I'm kinda at a loss for how to debug this. I'm not really finding any
> > errors in the dirsrv logs, just a warning that my DB is bigger than the
> > cache. I'd appreciate some ideas on where to look.
>
> > --
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go To http://freeipa.org for more info on the project
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>

-- 
<http://www2.charitydynamics.com/site/PageServer?pagename=Boundless_Email_Client>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141120/42840b2b/attachment.htm>