Hi Jakub,
Thank you for your help. Here is the command I run and the result. Do you think sssd v1.2.1-4+squeeze1 is not high enough? That is what I have installed. I can also mention my SASL library is called libsasl2-2 and the version is 2.1.23.dfsg1-7.
/usr/bin/ldapsearch -LLL -H ldap://adserver.domain.local/ -Y GSSAPI -N -b "dc=domain,dc=local" cn
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Message stream modified
On Dec 19, 2013, at 12:29 PM, Jakub Hrozek <jhrozek@redhat.com> wrote:
On Wed, Dec 18, 2013 at 11:11:12PM +0000, Bryan Harris wrote:
Hello all,
I wasn't sure who to reply to so here goes. I have tried an alternative method of kinit arguments, and received a ticket back this time. I just wanted to mention it and show the output, even though it seems now that I may want to use the Samba tools to do these steps anyway.
Here it is, sanitized.
client = Linux Debian sssd client
domain.local is the AD domain
kinit -k 'host/client.domain.local@DOMAIN.LOCAL'
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/client.domain.local@DOMAIN.LOCAL
Valid starting Expires Service principal
12/18/13 17:06:16 12/19/13 03:06:14 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
renew until 12/25/13 17:06:16
Bryan
Are you able to request service tickets using this principal? Would
ldapsearch with "-Y GSSAPI" work with this ticket?
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users