GSSAPI Error: An invalid name was supplied (Not enough space)
Dan White
dwhite at olp.net
Fri Oct 31 09:39:39 EDT 2008
Ben Lentz wrote:
> Greetings list,
> I am using openldap-2.4.12 with cyrus-sasl 2.1.22 with mit krb5-1.6.3
> on an AIX 5.3, TL8, SP2 machine.
>
> Whenever I try to use GSSAPI with ldapsearch against a Microsoft
> Active Directory server, I get the following error:
>
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Local error (-2)
>
> When I run the process through truss -rall -wall -f, I see the
> following error near the failure:
> GSSAPI Error: An invalid name was supplied (Not enough space)
>
> I am able to acquire a kerberos ticket, I can list the GSSAPI plugin
> using pluginviewer, and I can ldapsearch against the MSAD server using
> simple authentication.
>
> I have searched Google and can find no reference to the "Not enough
> space" error. Has anyone else seen this before or can anyone shed any
> light on this?
>
> Thanks in advance.
>
Are you receiving the service principal ticket for the ldap server (e.g.
ldap/<hostname>@REALM)?
The error you're receiving is possibly due to the AD/mit/kerberos
interaction rather than cyrus. I had success trouble shooting a 'packet
too large', or something similar, once with wireshark. That was with
Heimdal and AD. I ended up forcing Heimdal to use TCP when talking to
the AD server. In /etc/krb5.conf:
[realms]
EXAMPLE.NET = {
kdc = tcp/ad.example.net
kdc = ad.example.net
admin_server = ad.example.net
- Dan
More information about the Cyrus-sasl
mailing list