It is better in the fact, you are pretty sure you have a configuration
issue and you are connecting :)

You may need -u <username> for the client piece which corresponds to your
kerberos principal.

You actually need '-s slapd' and a corresponding slapd.conf in
/usr/lib/sasl2/slapd.conf that simply reads something like:

mech_list: GSSAPI

I can't find my notes atm. but that should give you a couple of more
things to try.

On Fri, 5 Sep 2008, Ric wrote:

> Hi Sean,
>
> On Fri, 05 Sep 2008 06:33:47 -0700 Sean O'Malley <omalleys@xxxxxxx>
> wrote:
> >To test this you want to use cyrus_sasl_sample_client and
> >cyrus_sasl_sample_server in your case they emulate the ldap client
> >and ldap server.
>
> Yes, I understand that.  You may have missed, per my OP, that I
> _am_ using "cyrus_sasl_sample_server" ...
>
> >You really want something more along the lines of:
> >cyrus_sasl_sample_server -p 389 -s ldap -m GSSAPI
> >cyrus_sasl_sample_client -p 389 -s ldap -m GSSAPI localhost
>
> Ok, so port (-p) *is* port.  Thanks.  That really is confusing in
> the 'examples' ...
>
> Trying this
>
> cyrus_sasl_sample_client -p 389 -s ldap -m GSSAPI dirsvr.domain.com
>
> I no longer get the 'error' as before.  @ console, there's just no
> further output ... it just sits there.
>
> In syslog, all I see is:
>
> Sep 5 06:43:40 auth slapd[29998]: conn=2 fd=11 ACCEPT from IP=10.0.1.16:55993 (IP=10.0.1.16:389)
>
> So, a different result, yes.  But 'better'?  I'm not sure ...
>
> Ric

--------------------------------------
Sean O'Malley, Information Technologist
Michigan State University
--------------------------------------
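
A check for the SASL config file discussed in this thread, as an added example that is not part of the original messages: it reads the `mech_list` option from a Cyrus SASL "key: value" config file and reports whether GSSAPI is the only mechanism allowed. The function names, the result labels and the sample file contents are assumptions made for illustration; mechanism names are compared case-insensitively here.

```shell
# Added example: sample file contents below are constructed for illustration.

# Print the mechanisms named by the mech_list option of a Cyrus SASL
# config file, upper-cased, one per line. Lines starting with "#" are
# comments. Prints nothing when no mech_list option is set.
sasl_mech_list() {
    awk '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            if (tolower(substr(line, 1, 10)) == "mech_list:") {
                n = split(substr(line, 11), m)   # default whitespace split
                for (i = 1; i <= n; i++) print toupper(m[i])
            }
        }
    ' "$1"
}

# Classify the file and print one of:
#   gssapi-only         mech_list allows GSSAPI and nothing else
#   gssapi-plus-others  GSSAPI is allowed alongside other mechanisms
#   no-gssapi           mech_list is set but does not include GSSAPI
#   unrestricted        no mech_list, so all installed mechanisms are allowed
# Returns 0 when GSSAPI is allowed, 1 otherwise.
sasl_mech_check() {
    mechs=$(sasl_mech_list "$1")
    if [ -z "$mechs" ]; then echo unrestricted; return 1; fi
    if ! printf '%s\n' "$mechs" | grep -qx 'GSSAPI'; then
        echo no-gssapi; return 1
    fi
    if printf '%s\n' "$mechs" | grep -vx 'GSSAPI' >/dev/null; then
        echo gssapi-plus-others; return 0
    fi
    echo gssapi-only
}

# Demo on a constructed file; pass the path of your own config instead.
demo=$(mktemp)
printf '# constructed sample\nmech_list: GSSAPI\n' > "$demo"
sasl_mech_check "$demo"
rm -f "$demo"
```

A result of `unrestricted` or `gssapi-plus-others` means the server side may also offer mechanisms other than GSSAPI, which is worth ruling out before debugging the Kerberos side.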