Hi Rob, yes,I did follow this one and do have a SASL mapping. Is that really anything I need? What about the configuration of saslauthd? For now I have the following configuration: /etc/sysconfig/saslauthd SOCKETDIR=/var/run/saslauthd MECH=kerberos5 FLAGS= /usr/lib/sasl2/slapd.conf mech_list: plain gssapi digest-md5 cram-md5 external pwcheck_method: saslauthd saslauthd_path: /var/run/saslauthd/mux keytab: /etc/krb5.keytab SASL Mapping: nssaslmapfiltertemplate: (uid=\1) nssaslmapregexstring: \(.*\)@\(.*\) Regards, Johannes Hintermayer On Thu, 2007-07-26 at 08:43 -0400, Rob Crittenden wrote: > Hintermayer Johannes wrote: > > Hi Marty and Rob, > > > > thanks for your answers. > > > > The FDS user indeed wasn't able to access /etc/krb5.keytab. After I > > changed that, the error message changed to: > > > > [root@vafbds01 ~]# ldapsearch -Y GSSAPI -D "uid=bsmith,ou=People,dc=afb,dc=lan" -v > > ldap_initialize( <DEFAULT> ) > > SASL/GSSAPI authentication started > > ldap_sasl_interactive_bind_s: Invalid credentials (49) > > additional info: SASL(-14): authorization failure: > > > > > > Have you seen this: http://directory.fedoraproject.org/wiki/Howto:Kerberos > > rob > -- > Fedora-directory-users mailing list > Fedora-directory-users@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
