Date:      Fri, 18 Sep 2009 13:49:33 +1000
From:      John Marshall <john.marshall@riverwillow.com.au>
To:        George Mamalakis <mamalos@eng.auth.gr>
Cc:        freebsd-stable <freebsd-stable@freebsd.org>
Subject:   Re: SASL problems with spnego on 8.0-BETA4
Message-ID:  <20090918034933.GI1231@rwpc12.mby.riverwillow.net.au>
In-Reply-To: <4AB27FB6.4010806@eng.auth.gr>
References:  <4AB27FB6.4010806@eng.auth.gr>

On Thu, 17 Sep 2009, 21:28 +0300, George Mamalakis wrote:
> Dear all,
>
> I am trying to setup ldap with heimdal on my fbsd 8.0-BETA4 and when I
> run ldapsearch to see if I can authenticate via GSSAPI I keep getting
> the following error:
>
> [root@ldap root]# ldapsearch  -H "ldap://ldap.example.com/" -b
> "dc=example,dc=com"
> SASL/GSSAPI authentication started
> dlopen: /usr/lib/libgssapi_spnego.so.10: Undefined symbol
> "GSS_C_NT_HOSTBASED_SERVICE"
> ldap_sasl_interactive_bind_s: Local error (-2)
>
>
> in ldap.conf (loglevel args stats) I am getting:
>
> Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 ACCEPT from
> IP=192.168.35.10:32598 (IP=0.0.0.0:389)
> Sep 17 21:24:46 ldap slapd[44607]: connection_get(13)
> Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 closed (connection lost)
>
> The ports I installed are:
>
> cyrus-sasl-2.1.23
> openldap-sasl-client-2.4.18
> openldap-sasl-server-2.4.18_1
>
> I cannot resolve this issue, so if anyone knows anything, I would be
> grateful if I could have a hint.
>
> Thank you all for your time in advance.

I don't remember if the symptoms I saw were identical, but I couldn't
use GSSAPI to authenticate to OpenLDAP on 8.0-BETA2.  I solved my
problem by installing a newer Heimdal as a port and then rebuilding
SASL2 against the newer Heimdal.

NB. To build security/cyrus-sasl2 against the Heimdal port, I added the
following line to my /usr/local/etc/ports.conf (see:
ports-mgmt/portconf)

  security/cyrus-sasl2: HEIMDAL_HOME=/usr/local

FreeBSD 8.0 includes Heimdal 1.1.0 in the base system.  The Heimdal port
is older (1.0.1).  The heimdal-1.2.1 port patch I used was submitted to
GNATS a couple of hours ago.  No response from GNATS yet but it should
be available there sometime soon.

-- 
John Marshall
