From owner-freebsd-stable@FreeBSD.ORG Fri Sep 18 11:19:40 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7D86810656C8 for ; Fri, 18 Sep 2009 11:19:40 +0000 (UTC) (envelope-from mamalos@eng.auth.gr) Received: from vergina.eng.auth.gr (vergina.eng.auth.gr [155.207.18.1]) by mx1.freebsd.org (Postfix) with ESMTP id CD07E8FC0C for ; Fri, 18 Sep 2009 11:19:39 +0000 (UTC) Received: from mamalacation.ee.auth.gr (mamalacation.ee.auth.gr [155.207.33.29]) by vergina.eng.auth.gr (8.14.3/8.14.1) with ESMTP id n8IBJX9L083993; Fri, 18 Sep 2009 14:19:34 +0300 (EEST) (envelope-from mamalos@eng.auth.gr) Message-ID: <4AB36CC0.6010703@eng.auth.gr> Date: Fri, 18 Sep 2009 14:19:28 +0300 From: George Mamalakis User-Agent: Thunderbird 2.0.0.19 (X11/20090226) MIME-Version: 1.0 To: George Mamalakis , freebsd-stable References: <4AB27FB6.4010806@eng.auth.gr> <20090918034933.GI1231@rwpc12.mby.riverwillow.net.au> In-Reply-To: <20090918034933.GI1231@rwpc12.mby.riverwillow.net.au> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: SASL problems with spnego on 8.0-BETA4 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Sep 2009 11:19:40 -0000 John Marshall wrote: > On Thu, 17 Sep 2009, 21:28 +0300, George Mamalakis wrote: > >> Dear all, >> >> I am trying to setup ldap with heimdal on my fbsd 8.0-BETA4 and when I >> run ldapsearch to see if I can authenticate via GSSAPI I keep getting >> the following error: >> >> [root@ldap root]# ldapsearch -H "ldap://ldap.example.com/" -b >> "dc=example,dc=com" >> SASL/GSSAPI authentication started >> dlopen: /usr/lib/libgssapi_spnego.so.10: Undefined symbol >> "GSS_C_NT_HOSTBASED_SERVICE" >> ldap_sasl_interactive_bind_s: Local error (-2) >> >> >> in ldap.conf (loglevel args stats) I am getting: >> >> Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 ACCEPT from >> IP=192.168.35.10:32598 (IP=0.0.0.0:389) >> Sep 17 21:24:46 ldap slapd[44607]: connection_get(13) >> Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 closed (connection lost) >> >> The ports I installed are: >> >> cyrus-sasl-2.1.23 >> openldap-sasl-client-2.4.18 >> openldap-sasl-server-2.4.18_1 >> >> I cannot resolve this issue, so if anyone knows anything, I would be >> grateful if I could have a hint. >> >> Thank you all for your time in advance. >> > > I don't remember if the symptoms I saw were identical, but I couldn't > use GSSAPI to authenticate to OpenLDAP on 8.0-BETA2. I solved my > problem by installing a newer Heimdal as a port and then rebuilding > SASL2 against the newer Heimdal. > > NB. To build security/cyrus-sasl2 against the Heimdal port, I added the > following line to my /usr/local/etc/ports.conf (see: > ports-mgmt/portconf) > > security/cyrus-sasl2: HEIMDAL_HOME=/usr/local > > FreeBSD 8.0 includes Heimdal 1.1.0 in the base system. The Heimdal port > is older (1.0.1). The heimdal-1.2.1 port patch I used was submitted to > GNATS a couple of hours ago. No response from GNATS yet but it should > be available there sometime soon. > > John, thank you for your answer, first of all. Now to your email: Could you please send me the location from where you downloaded the heimdal-1.2.1 ? I would really appreciate it if you could send it to me to test it on my machine so as to proceed with my configuration. Thank you for your time in advance. -- George Mamalakis IT Officer Electrical and Computer Engineer (Aristotle Un. of Thessaloniki), MSc (Imperial College of London) Department of Electrical and Computer Engineering Faculty of Engineering Aristotle University of Thessaloniki phone number : +30 (2310) 994379