Kashif Ali Siddiqui wrote: > On Aug 5, 4:46 am, Michael Ströder <[EMAIL PROTECTED]> wrote: >> Rich Megginson wrote: >>> Kashif Ali Siddiqui wrote: >>>> I am using Microsoft Server2003 SP1 Active Directory and want to do >>>> LDAP_SASL_BIND using GSSAPI mechanism (Kerberos5). I have setup an >>>> instance for Microsoft Server2003 and a Linux client machine with >>>> Mozilla LDAP 6.0.4 with Cyrus SASL libraries. I have a client code >>>> ready (code pasted in the above posting) and I am not able to get >>>> through the BIND call. It is consistently giving me error >>>> Bind Error [49]: Invalid credentials >>>> Bind Error [49]: additional info: 8009030B: LdapErr: DSID-0C09043E, >>>> comment: AcceptSecurityContext error, data 7a, vece >>>> By the way, I have successfully kinit the user credentials and they >>>> are fetched in the cache. Also after failed attempts of >>>> ldap_sasl_interactive_bind (ended with above error) I am still getting >>>> the service ticket as shown when I do klist. >> In general for this to work you should ensure that all your system >> clocks are in sync, all systems involved have correct DNS A and PTR RRs >> (don't use CNAMEs), and attribute servicePrincipalName for the service >> account is correct. > > Can you please elaborate on this setting. Steps can be more helpful.
Use nslookup or other DNS client tools to check whether the name-to-address and reverse DNS entries are all present for your AD DCs. If there's anything missing talk to you DNS admin. Ciao, Michael. _______________________________________________ dev-tech-ldap mailing list dev-tech-ldap@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-ldap
