[Freeipa-users] Unable to set up freeIPA on a fresh ubuntu 16.04.1 install
Rob Crittenden
rcritten at redhat.com
Tue Aug 16 01:05:14 UTC 2016
David Kowis wrote:
> On 08/15/2016 04:33 AM, Petr Spacek wrote:
>> This is weird as LDAP SASL & GSSAPI is pretty standard thing.
>>
>> In any case, you can check server logs or use tcpdump/wireshark and see if the
>> error somes from LDAP server or if it is client side error.
>>
>> That would tell us where to focus.
>>
>
> Welp, I've got a pile of logs for you:
> https://gist.github.com/dkowis/a82d4ec6b1823d9e1b95ffcc94666ae0
>
> The last few lines are probably the relevant ones.
>
> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 BIND dn="" method=sasl
> version=3 mech=GSSAPI
> [15/Aug/2016:18:12:53 -0500] conn=1307 op=0 RESULT err=7 tag=97
> nentries=0 etime=0
> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 UNBIND
> [15/Aug/2016:18:12:54 -0500] conn=1307 op=1 fd=68 closed - U1
>
>
> Something tries to bind with no dn, and then fails.... I think?
No this is typical logging for GSSAPI (minus the error).
The error code is LDAP_AUTH_METHOD_NOT_SUPPORTED. Do you have the cyrus
SASL GSSAPI package installed? In Fedora the package is cyrus-sasl-gssapi.
rob
More information about the Freeipa-users
mailing list