[OpenIndiana-discuss] Kerberose+LDAP wiki recipe = seg fault

Scott LeFevre slefevre at indy.rr.com
Tue Apr 15 16:15:19 UTC 2014


I've been using OI for a while with a lot of success but have hit an
issue and can't find anything useful to resolve it searching the web.

I'm using the dev branch of OI and as of today checked it's up to date
(OI_151a9). I'm trying to follow the recipe in the OI wiki to set up
Kerberos and LDAP (http://wiki.openindiana.org/oi/Kerberos+and+LDAP )
to allow authentication to an MS AD server.

The setup seems to go off without a hitch but when I try to test the
setup things don't work.  So for example:

Kerberos auth is working

# klist 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@WATSONS.LOCAL

Valid starting               Expires               Service principal
15/04/2014 11:07  15/04/2014 21:07  krbtgt/WATSONS.LOCAL@WATSONS.LOCAL
        renew until 22/04/2014 11:07
15/04/2014 11:09  15/04/2014 21:07  ldap/fs01.watsons.local@WATSONS.LOCAL
        renew until 22/04/2014 11:07



LDAP query w/ kerberos auth works but produces a seg fault

# ldapsearch -h fs01.watsons.local -b "dc=watsons,dc=local" -o mech=gssapi -o authzid="" -d 1 "uid=Administrator"
compile with -DLDAP_DEBUG for debugging
version: 1
dn: CN=Administrator,CN=Users,DC=watsons,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
distinguishedName: CN=Administrator,CN=Users,DC=watsons,DC=local
instanceType: 4
whenCreated: 20031108180624.0Z
whenChanged: 20140415012217.0Z
displayName: Administrator
.....
msExchUserAccountControl: 0
msExchMailboxGuid:: aykgaS8SGEKzSPVbDNSENg==
msExchPoliciesIncluded: {28BE0CBA-B6B1-4A13-8443-DA6FBE724DB6},{26491CFC-9E50-
 4857-861B-0CB8DF22B5D7}
Segmentation Fault (core dumped)


The ldapclient setup is nearly identical to wiki recipe.  I've included
and excluded serviceSearchDescriptor attribute(s) with the same results
as above.

# ldapclient list 
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= fs01.watsons.local
NS_LDAP_SEARCH_BASEDN= dc=watsons,dc=local
NS_LDAP_AUTH= sasl/GSSAPI
NS_LDAP_CACHETTL= 0
NS_LDAP_CREDENTIAL_LEVEL= self
NS_LDAP_ATTRIBUTEMAP= passwd:homedirectory=unixHomeDirectory
NS_LDAP_ATTRIBUTEMAP= passwd:gecos=cn
NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=user
NS_LDAP_OBJECTCLASSMAP= passwd:posixAccount=user
NS_LDAP_OBJECTCLASSMAP= group:posixGroup=group



# ldaplist -l passwd Administrator
ldaplist: Object not found


In /var/adm/messages I get the following several times:

Apr 15 12:08:20 nas1 nscd[15265]: [ID 293258 daemon.warning] libsldap: Status: 7  Mesg: Session error no available conn.
Apr 15 12:08:21 nas1 nscd[15265]: [ID 293258 daemon.warning] libsldap: Status: 7  Mesg: openConnection: GSSAPI bind failed - 82 Local error



In my searching, I can't find anyone having this issue.  Does anyone
have any ideas how to approach this to get it working?

Thanks!
-- 
Scott LeFevre



