On Thu, Aug 21, 2025 at 10:56 AM Greg Hudson <[email protected]> wrote:
>
> On 8/20/25 23:43, Travis Bean wrote:
> > “Cannot bind to LDAP server ldapi:/// as
> > ‘cn=kdc-srv,cn=krbContainer,dc=example,dc=local’: Invalid credentials
> > - while initializing database.”
>
> This means libkdb_ldap called ldap_sasl_bind_s() and got back an
> LDAP_INVALID_CREDENTIALS response, most likely indicating that the LDAP
> server didn't match the password from the service stash file.

I found out that krb5-admin-server is failing with the exact same error as krb5-kdc. This time krb5-admin-server references cn=adm-srv,cn=krbContainer,dc=example,dc=local, which is referenced in my krb5.conf as ldap_kadmind_dn as well as referenced by kdb5_ldap_util for my service stash file.

When attempting to start krb5-admin-server and krb5-kdc, syslog doesn't log anything substantial—it only logs "Failed with result 'exit-code'."

If this is a problem with my service stash file, how do I fix this? I double-checked the kdb5_ldap_util syntax for creating the service stash file, and there are no errors on my part.

My OpenLDAP/Kerberos code used to work just fine in the past. My test Bash script is part of a larger project located at launchpad.net/linuxha. Nothing substantial has changed with my OpenLDAP/Kerberos Bash code for LinuxHA. In fact, all minor changes, such as an upgraded krb5.conf, were rolled back to a previous revision for testing, but to no avail.

Kind regards,

Travis Bean
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
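
Added example, not part of the original thread and not code from MIT krb5 or LinuxHA: one way to test the explanation in the quoted reply is to decode the password stored in the service stash file for a bind DN and try that same bind against slapd directly. It assumes the `<bind DN>#{HEX}<hex password>` line format written by `kdb5_ldap_util stashsrvpw`; the function names and the stash file path in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: recover the password stashed for a bind DN and test it
# against slapd directly, outside of krb5kdc/kadmind.
# Assumed stash line format: <bind DN>#{HEX}<hex-encoded password>

# Print the decoded stash password for DN $2 from stash file $1.
# Returns 1 if the DN has no {HEX} entry, 2 if the hex is malformed.
# The DN is matched exactly as written (no case folding).
stash_password() {
    hex=$(awk -v dn="$2" 'index($0, dn "#{HEX}") == 1 {
        print substr($0, length(dn) + 7); exit }' "$1")
    [ -n "$hex" ] || return 1
    case $hex in *[!0-9A-Fa-f]*) return 2 ;; esac
    [ $(( ${#hex} % 2 )) -eq 0 ] || return 2
    while [ -n "$hex" ]; do
        rest=${hex#??}            # everything after the first two digits
        pair=${hex%"$rest"}       # the first two hex digits
        printf '%b' "\\0$(printf '%03o' "0x$pair")"
        hex=$rest
    done
}

# Bind to slapd as DN $2 using the stashed password from file $1.
# ldapwhoami prints "Invalid credentials (49)" when the entry's
# userPassword in the directory does not match the stash.
check_bind() {
    tmp=$(mktemp) || return 1
    if stash_password "$1" "$2" > "$tmp"; then
        ldapwhoami -x -H ldapi:/// -D "$2" -y "$tmp"; rc=$?
    else
        echo "no usable stash entry for $2 in $1" >&2; rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage (stash path is a placeholder; use ldap_service_password_file
# from your krb5.conf):
#   check_bind /path/to/service.keyfile \
#       'cn=kdc-srv,cn=krbContainer,dc=example,dc=local'
#   check_bind /path/to/service.keyfile \
#       'cn=adm-srv,cn=krbContainer,dc=example,dc=local'
```

If `check_bind` fails with the same "Invalid credentials" for a DN, the stash and the entry's `userPassword` disagree for that DN, which is the condition the quoted reply describes.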
