On Fri, Aug 18, 2006 at 06:21:47PM +0200, chechu chechu wrote: > Hi > > i have gssapi correctly installed...but i get thius error with > ldapsearch : > > [EMAIL PROTECTED]:~# ldapsearch -D "cn=admin,dc=ironman,dc=es" -w secret > SASL/LOGIN authentication started > ldap_sasl_interactive_bind_s: Invalid credentials (49) > additional info: SASL(-13): user not found: checkpass failed > > if i do with -x, it works, but I need sasl.
-D and -w are meaningless with SASL binds. There are several things that have to be setup in order to have SASL/GSSAPI working. Some that spring to mind: - do you have the sasl gssapi plugin installed on both the client and the server? - do you have the TGT ticket? - does your ldap server have the ldap/<fqdn>@REALM principal account in kerberos? - can your ldap server read the ldap/<fqdn>@REALM keytab file? Is it really the one you extracted from your kerberos server? - is the clock correct in all machines, including timezones?