On Thu, Jun 24, 2010 at 02:43:49AM +0400, Alexander Gordeev wrote:
On Wed, 23 Jun 2010 20:57:10 +0400,
Alexander Gordeev <lasaine(a)lvk.cs.msu.su> wrote:
> On Wed, 23 Jun 2010 16:33:17 +0200
> Sumit Bose <sbose(a)redhat.com> wrote:
>
> > This message is generated if there is no matching SASL mech entry
> > ('gssapi' in your case) in the 'supportedSASLMechanisms' of the
> > rootdse. Can you check if your client can read the rootdse and if
> > you can find the gssapi entry there?
>
> Thanks, I think I've found out what's going on!
>
[snip]
>
> I've looked at the code and found that sssd doesn't add any explicit
> attribute requests indeed, so I made a quick patch, which I'll post in
> reply to this letter. Please note that I haven't tested it yet, will
> do that later.
I've just tested the patch and it works. I only had to add a const
qualifier to eliminate a warning. But while getting supported SASL
mechanisms works well now, I'm stuck with the next issue: GSSAPI auth
fails. Here is the log:
(Wed Jun 23 22:56:00 2010) [sssd[be[GNET]]] [sasl_bind_send] (4): Executing sasl bind mech: gssapi, user: host/desktopvm.gnet@GNET
(Wed Jun 23 22:56:00 2010) [sssd[be[GNET]]] [sasl_bind_send] (1): ldap_sasl_bind failed (50)[Insufficient access]
Can you check what happens on the server?
bye,
Sumit