Date: Fri, 18 Sep 2009 13:49:33 +1000 From: John Marshall <john.marshall@riverwillow.com.au> To: George Mamalakis <mamalos@eng.auth.gr> Cc: freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: SASL problems with spnego on 8.0-BETA4 Message-ID: <20090918034933.GI1231@rwpc12.mby.riverwillow.net.au> In-Reply-To: <4AB27FB6.4010806@eng.auth.gr> References: <4AB27FB6.4010806@eng.auth.gr>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Thu, 17 Sep 2009, 21:28 +0300, George Mamalakis wrote: > Dear all, > > I am trying to setup ldap with heimdal on my fbsd 8.0-BETA4 and when I > run ldapsearch to see if I can authenticate via GSSAPI I keep getting > the following error: > > [root@ldap root]# ldapsearch -H "ldap://ldap.example.com/" -b > "dc=example,dc=com" > SASL/GSSAPI authentication started > dlopen: /usr/lib/libgssapi_spnego.so.10: Undefined symbol > "GSS_C_NT_HOSTBASED_SERVICE" > ldap_sasl_interactive_bind_s: Local error (-2) > > > in ldap.conf (loglevel args stats) I am getting: > > Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 ACCEPT from > IP=192.168.35.10:32598 (IP=0.0.0.0:389) > Sep 17 21:24:46 ldap slapd[44607]: connection_get(13) > Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 closed (connection lost) > > The ports I installed are: > > cyrus-sasl-2.1.23 > openldap-sasl-client-2.4.18 > openldap-sasl-server-2.4.18_1 > > I cannot resolve this issue, so if anyone knows anything, I would be > grateful if I could have a hint. > > Thank you all for your time in advance. I don't remember if the symptoms I saw were identical, but I couldn't use GSSAPI to authenticate to OpenLDAP on 8.0-BETA2. I solved my problem by installing a newer Heimdal as a port and then rebuilding SASL2 against the newer Heimdal. NB. To build security/cyrus-sasl2 against the Heimdal port, I added the following line to my /usr/local/etc/ports.conf (see: ports-mgmt/portconf) security/cyrus-sasl2: HEIMDAL_HOME=/usr/local FreeBSD 8.0 includes Heimdal 1.1.0 in the base system. The Heimdal port is older (1.0.1). The heimdal-1.2.1 port patch I used was submitted to GNATS a couple of hours ago. No response from GNATS yet but it should be available there sometime soon. -- John Marshall [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.13 (FreeBSD) iEYEARECAAYFAkqzA00ACgkQw/tAaKKahKK01wCgs4z0XxlKMk9TNXmrVTvb292B C04AnjuzXA6tTVTaE/Zq2qzNj9ICjNTq =yIDK -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090918034933.GI1231>