Date: Fri, 18 Sep 2009 11:21:19 +0300
From: George Mamalakis <mamalos@eng.auth.gr>
To: freebsd-stable <freebsd-stable@freebsd.org>
Subject: SASL problems with spnego, heimdal, AND openldap on 8.0-BETA4
Message-ID: <4AB342FF.8020103@eng.auth.gr>
Dear all,

I changed the subject of my email, due to today's results on my configurations, regarding SASL authentication on openldap-sasl-server-2.4.18_1, with cyrus-sasl-2.1.23, and fbsd's 8-BETA4 heimdal.

When I try to ldapsearch from another machine to the openldap server, slapd hangs! The client goes like that:

(
client-host$ ldapsearch -d 255 -H ldap://ldap.example.com -b 'dc=example,dc=com'
ldap_url_parse_ext(ldap://ldap.example.com)
ldap_create
ldap_url_parse_ext(ldap://ldap.example.com:389/??base)
ldap_sasl_interactive_bind_s: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.example.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 1.2.3.4:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_int_sasl_open: host=ldap.example.com
SASL/GSSAPI authentication started
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x34142000 ptr=0x34142000 end=0x341422b4 len=692
  0000:  30 82 02 b0 02 01 01 60  82 02 a9 02 01 03 04 00   0......`........
  0010:  a3 82 02 a0 04 06 47 53  53 41 50 49 04 82 02 94   ......GSSAPI....
  0020:  60 82 02 90 06 09 2a 86  48 86 f7 12 01 02 02 01   `.....*.H.......
  0030:  00 6e 82 02 7f 30 82 02  7b a0 03 02 01 05 a1 03   .n...0..{.......
..... packet information.....
ber_scanf fmt ({i) ber:
ber_dump: buf=0x34142000 ptr=0x34142007 end=0x341422b4 len=685
  0000:  60 82 02 a9 02 01 03 04  00 a3 82 02 a0 04 06 47   `..............G
  0010:  53 53 41 50 49 04 82 02  94 60 82 02 90 06 09 2a   SSAPI....`.....*
  0020:  86 48 86 f7 12 01 02 02  01 00 6e 82 02 7f 30 82   .H........n...0.
..... more packet information.....
ber_flush2: 692 bytes to sd 3
  0000:  30 82 02 b0 02 01 01 60  82 02 a9 02 01 03 04 00   0......`........
  0010:  a3 82 02 a0 04 06 47 53  53 41 50 49 04 82 02 94   ......GSSAPI....
  0020:  60 82 02 90 06 09 2a 86  48 86 f7 12 01 02 02 01   `.....*.H.......
..... even more packet information.....
ldap_write: want=692, written=692
  0000:  30 82 02 b0 02 01 01 60  82 02 a9 02 01 03 04 00   0......`........
  0010:  a3 82 02 a0 04 06 47 53  53 41 50 49 04 82 02 94   ......GSSAPI....
..... even even more packet information
ldap_result ld 0x34124040 msgid 1
wait4msg ld 0x34124040 msgid 1 (infinite timeout)
wait4msg continue ld 0x34124040 msgid 1 all 1
** ld 0x34124040 Connections:
* host: ldap.example.com  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Fri Sep 18 11:02:10 2009

** ld 0x34124040 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x34124040 request count 1 (abandoned 0)
** ld 0x34124040 Response Queue:
   Empty
  ld 0x34124040 response count 0
ldap_chkResponseList ld 0x34124040 msgid 1 all 1
ldap_chkResponseList returns ld 0x34124040 NULL
ldap_int_select
read1msg: ld 0x34124040 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=0

ber_get_next failed.
ldap_free_connection 1 0
ldap_free_connection: actually freed
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
)

And this is where it loses connection.

From the server's point of view, the only thing I get from the logs (loglevel args config stats) is:

Sep 18 11:02:08 ldap slapd[2257]: conn=1 fd=13 ACCEPT from IP=1.2.3.5:50345 (IP=0.0.0.0:389)
Sep 18 11:02:08 ldap slapd[2257]: connection_get(13)
Sep 18 11:02:08 ldap slapd[2257]: conn=1 op=0 BIND dn="" method=163
Sep 18 11:02:08 ldap slapd[2257]: ==> sasl_bind: dn="" mech=GSSAPI datalen=660

And after that the server is down..

I don't know what to do, I'll try to update heimdal to version 1.2.1, as John Marshall advised me in his last email..

If anyone knows anything more, I would be delighted if he could share it on this list.

Thanx again for reading.

--
George Mamalakis

IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)

Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki

phone number : +30 (2310) 994379
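As an added example (not part of the original mail), the following Python walks the BER headers of the first four dump rows quoted above and ties the client-side ber_dump to the two slapd log lines: the message is an LDAPv3 BindRequest whose authentication choice is [3] sasl (0xa3, which slapd prints as method=163) carrying 660 bytes of GSSAPI credentials (slapd's datalen=660), and the credentials open with a GSS-API InitialContextToken naming the Kerberos V5 mechanism OID. Only the 64 bytes shown in the mail are used; the parser and the field names are assumptions, not OpenLDAP or Heimdal code.

```python
from binascii import unhexlify
# The first four rows of the "ber_flush2: 692 bytes to sd 3" dump, copied from the mail.
DUMP_HEAD = unhexlify(
    "308202b0020101608202a90201030400"
    "a38202a0040647535341504904820294"
    "6082029006092a864886f71201020201"
    "006e82027f3082027ba003020105a103")

def read_tlv(buf, off):  # -> (tag, length, offset of the value) for the BER header at buf[off]
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                          # short-form length
        return tag, first, off + 2
    n = first & 0x7f                          # long form: n length bytes follow
    return tag, int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n

def decode_oid(raw):  # dotted form of a BER-encoded OID body (base-128 arcs)
    arcs, acc = [], 0
    for b in raw:
        acc = (acc << 7) | (b & 0x7f)
        if not b & 0x80:
            arcs.append(acc); acc = 0
    return ".".join(map(str, [arcs[0] // 40, arcs[0] % 40] + arcs[1:]))

def decode_bind_request(buf):
    out = {}
    tag, ln, off = read_tlv(buf, 0)           # LDAPMessage ::= SEQUENCE
    assert tag == 0x30
    out["message_len"] = off + ln             # header + body = bytes on the wire (692)
    tag, ln, off = read_tlv(buf, off)         # messageID INTEGER
    out["msgid"] = int.from_bytes(buf[off:off + ln], "big"); off += ln
    tag, ln, off = read_tlv(buf, off)         # [APPLICATION 0] BindRequest
    assert tag == 0x60
    tag, ln, off = read_tlv(buf, off)         # version INTEGER
    out["version"] = buf[off]; off += ln
    tag, ln, off = read_tlv(buf, off)         # name LDAPDN (empty for a SASL bind)
    out["name"] = buf[off:off + ln].decode(); off += ln
    tag, ln, off = read_tlv(buf, off)         # authentication CHOICE; 0xa3 = [3] sasl
    out["method_tag"] = tag                   # slapd logs this as "method=163"
    tag, ln, off = read_tlv(buf, off)         # SaslCredentials.mechanism
    out["mech"] = buf[off:off + ln].decode(); off += ln
    tag, ln, off = read_tlv(buf, off)         # SaslCredentials.credentials
    out["cred_len"] = ln                      # slapd logs this as "datalen=660"
    tag, ln, off = read_tlv(buf, off)         # GSS-API InitialContextToken [APPLICATION 0]
    assert tag == 0x60
    tag, ln, off = read_tlv(buf, off)         # thisMech OID inside the token
    out["gss_mech_oid"] = decode_oid(buf[off:off + ln])
    return out

if __name__ == "__main__":
    print(decode_bind_request(DUMP_HEAD))
```

The remaining bytes after the OID (01 00, then 6e 82 02 7f) are the KRB_AP_REQ token id and the Kerberos AP-REQ itself, which is what slapd hands to the Heimdal GSSAPI plugin before it stops responding.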