LDAP + SASL Freeradius 3.0.11

Isaac Boukris iboukris at gmail.com
Thu May 12 22:30:13 CEST 2016


On Thu, May 12, 2016 at 10:49 PM, Matthew Beckler
<mbeckler at overturecenter.org> wrote:
> So, abandoning MD5 and trying to get Kerberos working.
> I can do an ldapsearch with GSSAPI; however, when I try to run sudo freeradius -X I get an error.
> I could not find a step-by-step document on setting up GSSAPI Kerberos to LDAP, so I could have missed some steps.
> Basically, what I have done is create a keytab file with credentials in it.
> I have tested by running kinit with the keytab file and then running ldapsearch, and I get results successfully.
>
> I set the environment variable KRB5_CLIENT_KTNAME.
>
> Here is the error I get:
>
> rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots used
> rlm_ldap (ldap): Connecting to ldap://srv1.dc.local:389
> rlm_ldap (ldap): Starting SASL mech(s): GSSAPI
> SASL/GSSAPI authentication started
> rlm_ldap (ldap): Bind with ldaplookup at dc.local to ldap://dc.local:389 failed: Local error


Try to comment out identity and password directives in conf.

