I have a multi-master configuration of 389-directory server. I'm attempting to replicate w/ SASL/GSSAPI but it's not getting the realm. Note this replication is not with Windows AD. It's LDAP to LDAP.

The error I get is -

[15/Mar/2012:10:48:30 -0700] set_krb5_creds - Could not get initial credentials for principal [ldap/server1@] in keytab [WRFILE:/etc/krb5.keytab]: -1765328164 (Cannot resolve network address for KDC in requested realm)
[15/Mar/2012:10:48:30 -0700] slapd_ldap_sasl_interactive_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error) (SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_99' not found))
[15/Mar/2012:10:48:30 -0700] slapi_ldap_bind - Error: could not perform interactive bind for id [] mech [GSSAPI]: error -2 (Local error)

In Kerberos all principals are created and in the /etc/krb5.keytab the following exist; additionally the permissions have been set all the way to 777 to ensure a permissions issue is not in play.

slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    2 host/server1@xxxxxxxxxxx
   2    2 host/server1@xxxxxxxxxxx
   3    2 host/server1@xxxxxxxxxxx
   4    2 host/server1@xxxxxxxxxxx
   5    2 host/server2@xxxxxxxxxxx
   6    2 host/server2@xxxxxxxxxxx
   7    2 host/server2@xxxxxxxxxxx
   8    2 host/server2@xxxxxxxxxxx
   9    3 ldap/server1@xxxxxxxxxxx
  10    3 ldap/server1@xxxxxxxxxxx
  11    3 ldap/server1@xxxxxxxxxxx
  12    3 ldap/server1@xxxxxxxxxxx
  13    3 ldap/server2@xxxxxxxxxxx
  14    3 ldap/server2@xxxxxxxxxxx
  15    3 ldap/server2@xxxxxxxxxxx
  16    3 ldap/server2@xxxxxxxxxxx

My question is the following -

Shouldn't my first error from above read "[15/Mar/2012:10:48:30 -0700] set_krb5_creds - Could not get initial credentials for principal [ldap/server1@xxxxxxxxxxx]"?

It makes sense to me that I am missing my realm; without that I of course couldn't get my TGT from the KDC. But where do I define that realm?
I've looked in the cn=mapping,cn=sasl,cn=config but have not seen a realm to define. I've tested for fun changing these attributes but to no avail.

    nssaslmapbase dc=\2,dc=\3
    mapregexstring \(.*\)@\(.*\)\.\(.*\)

Any help would be greatly appreciated!

Software Version - RHEL 6.1
---
389-admin-1.1.25-1.el6.x86_64.rpm
389-admin-console-1.1.8-1.el6.noarch.rpm
389-adminutil-1.1.14-2.el6.x86_64.rpm
389-console-1.1.7-1.el6.noarch.rpm
389-ds-console-1.2.6-1.el6.noarch.rpm
389-dsgw-1.1.7-2.el6.x86_64.rpm

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users