On 15 May 2016, at 12:01, Matthew Beckler <mbeckler@overturecenter.org> wrote:
________________________________ From: Isaac Boukris <iboukris@gmail.com> Sent: Friday, May 13, 2016 11:47 AM To: FreeRadius users mailing list Subject: Re: LDAP + SASL Freeradius 3.0.11
Let's leave client keytab aside, if you run 'kinit' followed by 'radiusd -X' does it work (identity commented out)? And makes sure to specify correct FQDN of the DC server.
Same error. Ldapsearch did work after I tried freeradius -X So What I did was this : sudo kinit ldaplookup sudo freeradius -X
Try with v3.1.x just in case some fixes went in there. You also may need to specify keytab location and various other bits as environmental variables. # # SASL parameters to use for admin binds # # When we're prompted by the SASL library, the config items in the SASL # section (in addition to the identity password config items above) # determine the responses given. # # If any directive is commented out, a NULL response will be # provided to cyrus-sasl. # # Unfortunately the only way to control Keberos here is through # environmental variables, as cyrus-sasl provides no API to # set the kerberos (libkrb5) config directly. # # Full documentation for MIT krb5 can be found here: # # http://web.mit.edu/kerberos/krb5-devel/doc/admin/env_variables.html # # At a minimum you probably want to set KRB5_CLIENT_KTNAME. # sasl { # SASL mechanism # mech = 'PLAIN' # SASL authorisation identity to proxy. # proxy = 'autz_id' # SASL realm. Used for kerberos. # realm = 'example.org' } -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2