Can you post the whole output of msktutil with --verbose please. If msktutil
fails with TLS on port 389 it will try again without TLS.
Regards
Markus
"Tom Tux" <tomtux80@xxxxxxxxx> wrote in message
news:AANLkTil1Fhq5Ks3NX8MoSTKIC2qOACz1xpMp6wH6RpkD@xxxxxxxxxxxxxxxxx
this works. I'm also able to telnet with tcp 636 (ldaps).
I'm just searching for a solution to kerberise squid without the need
of winbind/smb.
2010/6/28 Nick Cairncross <Nick.Cairncross@xxxxxxxxxxxxxxx>:
They seem ok.
Telnet to your dc on 389?
On 28/06/2010 14:40, "Tom Tux" <tomtux80@xxxxxxxxx> wrote:
which ldap-libraries should be installed?
The following devel-packages are installed (SLES11-System):
- openldap2-devel
- cyrus-sasl-devel
2010/6/28 Nick Cairncross <Nick.Cairncross@xxxxxxxxxxxxxxx>:
Missing ldap libraries maybe?
On 28/06/2010 12:32, "Tom Tux" <tomtux80@xxxxxxxxx> wrote:
Hi
I'm trying to generate a computer-account with msktutil:
I got the following error:
...
...
- ldap_connect: Connecting to LDAP server: dc1.domain.com try_tls=YES
SASL/GSSAPI authentication started
SASL username: admin@xxxxxxxxxx
SASL SSF: 0
Error: ldap_set_option (option=) failed (Can't contact LDAP server)
-- ~KRB5Context: Destroying Kerberos Context
I have a valid ticket (klist), initiated with adminuser@xxxxxxxxxxx
Have someone any hints? I see, that the msktutil tries with tls
(encrypted) on port 389 (ldap) on the domain-controller. Can I use
native (unencrypted) ldap?
Thanks a lot.
Tom
** Please consider the environment before printing this e-mail **
The information contained in this e-mail is of a confidential nature and
is intended only for the addressee. If you are not the intended
addressee, any disclosure, copying or distribution by you is prohibited
and may be unlawful. Disclosure to any party other than the addressee,
whether inadvertent or otherwise, is not intended to waive privilege or
confidentiality. Internet communications are not secure and therefore
Conde Nast does not accept legal responsibility for the contents of this
message. Any views or opinions expressed are those of the author.
Company Registration details:
The Conde Nast Publications Ltd
Vogue House
Hanover Square
London W1S 1JU
Registered in London No. 226900
The information contained in this e-mail is of a confidential nature and
is intended only for the addressee. If you are not the intended addressee,
any disclosure, copying or distribution by you is prohibited and may be
unlawful. Disclosure to any party other than the addressee, whether
inadvertent or otherwise, is not intended to waive privilege or
confidentiality. Internet communications are not secure and therefore
Conde Nast does not accept legal responsibility for the contents of this
message. Any views or opinions expressed are those of the author.
The Conde Nast Publications Ltd (No. 226900), Vogue House, Hanover Square,
London W1S 1JU
