[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-devel] [krb5kdc] LDAP handle unavailable: Can't contact LDAP server on kinit

Hi Zoran,
the logs you attached seem to tell that the connection failed.
Does ldapsearch with the same conf options and credentials used in krb5.conf actually work ?


----- Original Message -----
> Hi,
> I have strange problem with krb5 krb5-server-ldap and FC14. Tried to
> resolve it my self, but i'am stuck. Stangest thing is that all of this
> work perfectly with fc13 so it's no config issue. I could not find any
> major difference in krb5 from fc13 to fc14. Only thing is that libldap
> from openldap-clients is compiled with mozilla nss (fc14) instead of
> OpenSSL (fc13) but krb5kdc is connected to ldap servers which I
> confirmed in ldap server logs, so it should not be TLS related
> problem.
> krb5kdc bind for first time and get realm related stuff. But when I
> run
> kinit it returns "kinit: Generic error (see e-text) while getting
> initial credentials".
> Strangest this is that all works perfectly if I manually run krb5kdc
> "/usr/sbin/krb5kdc -r ST -P /var/run/krb5kdc.pid" instead of using
> initscripts.
> Attached krb5.conf, patch to enhance krb5kdc debugging and log file
> created with this patch included.
> This may not be right list but I think that freeipa should have same
> bug. Feel free to ask for more debugging or probing new patches.
> Best regards,
> Zoran Pericic
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel redhat com
> https://www.redhat.com/mailman/listinfo/freeipa-devel

Simo Sorce * Red Hat, Inc. * New York

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]