Thank you for the hint. However, I'm not running slapd since this is Microsoft AD environment + Linux clients. I've tried to obtain a ticket for service upn as root and got the TGT, so it doesn't look like permissions issue.
15.06.2016, 23:06, "Dieter Klünter" <[email protected]>: > Am Sun, 12 Jun 2016 17:34:47 +0300 > schrieb [email protected]: > >> Hi Dieter. >> >> I've tried performing this search from CentOS6 machine, with my own >> UPN, with machine UPN, and it were successful. Accessing SPN >> ldap/[email protected] Keytab is located >> in /etc/krb5.keytab, owned by root, access mode 0600. Dumped traffic >> from the problem server. On myTGS-REQ, DC responds with >> 'krb5kdc_err_svc_unavailable' packet. >> 12.06.2016, 10:41, "Dieter Klünter" <[email protected]>: >> >> Am Sat, 11 Jun 2016 14:27:26 +0300 >> schrieb [email protected]: > > [...] > > the user, slapd runs as, needs to read keytab. Check with klist > whether a ldap service principal ticket is available. > > -Dieter > > -- > Dieter Klünter | Systemberatung > http://sys4.de > GPG Key ID: E9ED159B > 53°37'09,95"N > 10°08'02,42"E
