Server ldap/localhost at EXAMPLE.COM not found in Kerberos database

Dan White dwhite at olp.net
Fri Apr 14 10:08:33 EDT 2017


On 04/14/17 00:19 +0200, Jaap Winius wrote:
>My question is with regard to an error that I get on an OpenLDAP 
>consumer server that uses Kerberos to authenticate to a provider:
>
>  slapd[1668]: GSSAPI Error: Unspecified GSS failure. \
>  Minor code may provide more information \
>  (Server ldap/localhost at EXAMPLE.COM not found in Kerberos database)

Check your KDC server logs to verify the service principal the consumer
is requesting, which appears to be incorrect.

auth.debug in your syslog, on the consumer and provider, may provide
additional information.

Do you have some other component in your consumer configuration which
references localhost?

>There's a Kerberos key table with keys for an 
>ldap/srv4.example.com at EXAMPLE.COM  principal that's used for slapd and 
>k5start is used to maintain the Kerberos ticket cache for it. That 
>all works fine.
>
>Furthermore, the hostname for the system, srv4, is configured 
>correctly, there's almost nothing in /etc/hosts (just '127.0.0.1 
>localhost' and a few IPv6 linklocal lines), and the forward and 
>reverse DNS entries for this host all refer to srv4.example.com (for 
>IPv4 and IPv6).
>
>Alas, nothing seems to make a difference and slapd insists on 
>authenticating itself to the slapd provider as 
>ldap/localhost at EXAMPLE.COM, which doesn't work.
>
>Could this be a bug? If so, is there a workaround?

-- 
Dan White
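
The KDC log check suggested in the reply above, as an added example that is not part of the original post: it scans KDC log text for requests rejected with UNKNOWN_SERVER and reports which client asked for which service principal. The MIT krb5 log layout, the sample lines, the addresses and all function names are assumptions made for illustration.

```python
import re

# Constructed sample in the MIT krb5 KDC log layout (not taken from the thread).
SAMPLE_LOG = """\
Apr 14 00:10:01 kdc1 krb5kdc[812](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.14: ISSUE: authtime 1492128601, etypes {rep=18 tkt=18 ses=18}, ldap/srv4.example.com@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Apr 14 00:10:02 kdc1 krb5kdc[812](info): TGS_REQ (4 etypes {18 17 16 23}) 192.0.2.14: UNKNOWN_SERVER: authtime 0,  ldap/srv4.example.com@EXAMPLE.COM for ldap/localhost@EXAMPLE.COM, Server not found in Kerberos database
Apr 14 00:10:05 kdc1 krb5kdc[812](info): TGS_REQ (4 etypes {18 17 16 23}) 192.0.2.20: ISSUE: authtime 1492128000, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.COM for ldap/srv1.example.com@EXAMPLE.COM
"""

# Host components that name the local machine rather than a real server.
LOOPBACK_HOSTS = {"localhost", "localhost.localdomain", "127.0.0.1", "::1"}

# Assumed layout: REQ (etypes) ADDRESS: STATUS: ..., CLIENT for SERVER[, text]
REQ_RE = re.compile(
    r"(?P<req>AS_REQ|TGS_REQ) \(.*?\) (?P<address>\S+): (?P<status>[A-Z_]+): "
    r".*?(?P<client>\S+@\S+) for (?P<requested>[^\s,]+@[^\s,]+)"
)


def service_host(principal):
    """Return the host component of service/host@REALM, or None."""
    name = principal.rsplit("@", 1)[0]
    parts = name.split("/")
    return parts[1].lower() if len(parts) == 2 else None


def unknown_service_requests(log_text):
    """List requests the KDC rejected because the service principal is unknown."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if not m or m.group("status") != "UNKNOWN_SERVER":
            continue
        host = service_host(m.group("requested"))
        hits.append({
            "address": m.group("address"),
            "client": m.group("client"),
            "requested": m.group("requested"),
            # True when the requested name was built from a loopback host name.
            "loopback_host": host in LOOPBACK_HOSTS,
        })
    return hits


if __name__ == "__main__":
    for hit in unknown_service_requests(SAMPLE_LOG):
        print(hit)
```
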

