Date: Fri, 18 Sep 2009 13:49:33 +1000
From: John Marshall
To: George Mamalakis
Cc: freebsd-stable
Subject: Re: SASL problems with spnego on 8.0-BETA4

On Thu, 17 Sep 2009, 21:28 +0300, George Mamalakis wrote:
> Dear all,
>
> I am trying to setup ldap with heimdal on my fbsd 8.0-BETA4 and when I
> run ldapsearch to see if I can authenticate via GSSAPI I keep getting
> the following error:
>
> [root@ldap root]# ldapsearch -H "ldap://ldap.example.com/" -b
> "dc=example,dc=com"
> SASL/GSSAPI authentication started
> dlopen: /usr/lib/libgssapi_spnego.so.10: Undefined symbol
> "GSS_C_NT_HOSTBASED_SERVICE"
> ldap_sasl_interactive_bind_s: Local error (-2)
>
>
> in ldap.conf (loglevel args stats) I am getting:
>
> Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 ACCEPT from
> IP=192.168.35.10:32598 (IP=0.0.0.0:389)
> Sep 17 21:24:46 ldap slapd[44607]: connection_get(13)
> Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 closed (connection lost)
>
> The ports I installed are:
>
> cyrus-sasl-2.1.23
> openldap-sasl-client-2.4.18
> openldap-sasl-server-2.4.18_1
>
> I cannot resolve this issue, so if anyone knows anything, I would be
> grateful if I could have a hint.
>
> Thank you all for your time in advance.

I don't remember if the symptoms I saw were identical, but I couldn't
use GSSAPI to authenticate to OpenLDAP on 8.0-BETA2.
I solved my problem by installing a newer Heimdal as a port and then
rebuilding SASL2 against the newer Heimdal.

NB. To build security/cyrus-sasl2 against the Heimdal port, I added the
following line to my /usr/local/etc/ports.conf (see:
ports-mgmt/portconf)

  security/cyrus-sasl2: HEIMDAL_HOME=/usr/local

FreeBSD 8.0 includes Heimdal 1.1.0 in the base system. The Heimdal
port is older (1.0.1). The heimdal-1.2.1 port patch I used was
submitted to GNATS a couple of hours ago. No response from GNATS yet
but it should be available there sometime soon.

-- 
John Marshall