
Re: "Server unknown" error




On Feb 14, 2006, at 8:24 PM, Gilles wrote:

> Hello.
>
> I'm experimenting with Kerberos and LDAP, and I'm now
> quite confused with the following error:
>
> $ ldapwhoami -H ldap://db -Y GSSAPI
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Local error (-2)
>         additional info: SASL(-1): generic failure: GSSAPI Error:   
> Miscellaneous failure (see text) (Server (ldap/ 
> db.harfang.homelinux.org@HARFANG.HOMELINUX.ORG) unknown)
                       ^^^^
This is the name of the service you are trying to use.  Client and server need to agree on it and it is "ldap" if the service is an ldap server using gssapi.  If you want to change it to "db" then you need to rewrite both your ldap server and all your ldap clients.  (Don't think you want to do this.)

The name after the "/" is the FQDN of the server, usually acquired by doing a reverse lookup of the IP address of the server.  Client and server likewise need to agree on it, which is why you need to make sure the FQDN comes first in /etc/hosts on the server.  (This doesn't seem to be your problem.)

> The fact is that I had created a "ldap/db.harfang.homelinux.org"
> principal. And the above command had been working.
> Subsequently, I removed that principal and created another one
> named "db/db.harfang.homelinux.org".
>
> So, where does that command find a reference to the old name?

The name is determined as above.

> Thanks for your help.
> Gilles
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
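A small diagnostic that makes the point of the reply concrete, written for this page as an added example (it is not code from the thread or from any Kerberos or OpenLDAP project). It builds the service principal a GSSAPI LDAP client will ask for, `ldap/<fqdn>@<REALM>`, from the host the client was given, then checks that name against a principal listing in the `KVNO Principal` table format that `klist -k` prints, and reports a near miss when the host exists only under another service name, which is exactly the situation in the thread. `FAKE_CANONICAL_NAME` stands in for the forward plus reverse DNS lookup so the script runs offline, `SAMPLE_KEYTAB_LISTING` is constructed to mirror the thread's principals, and all function names are this example's own.

```python
import re

# Constructed to mirror the thread: the host has "db/<fqdn>" and "host/<fqdn>"
# principals, but the client will ask for "ldap/<fqdn>".
SAMPLE_KEYTAB_LISTING = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 db/db.harfang.homelinux.org@HARFANG.HOMELINUX.ORG
   2 host/db.harfang.homelinux.org@HARFANG.HOMELINUX.ORG
"""

# Stand-in for resolving the host and reverse-looking-up its address, which is
# how a real client canonicalises the instance part.  Assumed data, offline only.
FAKE_CANONICAL_NAME = {
    "db": "db.harfang.homelinux.org",
    "db.harfang.homelinux.org": "db.harfang.homelinux.org",
}


def expected_service_principal(host, realm, service="ldap",
                               resolve=FAKE_CANONICAL_NAME.get):
    """Return the principal a GSSAPI client requests for ldap://<host>.

    The service part is fixed by the protocol ("ldap"); the instance is the
    server's canonical FQDN; the realm is upper-cased as Kerberos expects.
    """
    fqdn = resolve(host)
    if not fqdn:
        raise ValueError(f"cannot canonicalise host {host!r}")
    return f"{service}/{fqdn.rstrip('.').lower()}@{realm.upper()}"


# One "KVNO Principal" row: a key version number followed by the principal.
_ENTRY = re.compile(r"^\s*\d+\s+(\S+)\s*$")


def principals_in_listing(listing):
    """Parse the principal names out of a klist -k style table."""
    found = []
    for line in listing.splitlines():
        m = _ENTRY.match(line)
        if m and m.group(1) not in found:
            found.append(m.group(1))
    return found


def _instance(principal):
    """'ldap/host@REALM' -> 'host'; principals without '/' give ''."""
    if "/" not in principal:
        return ""
    return principal.split("/", 1)[1].split("@", 1)[0]


def diagnose(host, realm, listing, service="ldap",
             resolve=FAKE_CANONICAL_NAME.get):
    """Return (ok, message) explaining whether the expected principal exists."""
    want = expected_service_principal(host, realm, service, resolve)
    have = principals_in_listing(listing)
    if want in have:
        return True, f"{want} is present"
    same_host = [p for p in have if _instance(p) == _instance(want)]
    if same_host:
        return False, (f"client will ask for {want}; only {', '.join(same_host)} "
                       f"exist for that host. The part before '/' must be "
                       f"'{service}', not the host's own name.")
    return False, f"client will ask for {want}; nothing for {_instance(want)} found"


if __name__ == "__main__":
    ok, msg = diagnose("db", "harfang.homelinux.org", SAMPLE_KEYTAB_LISTING)
    print("OK" if ok else "MISMATCH", "-", msg)
```

Running it as is reports the mismatch and names the `db/...` principal that was created in place of `ldap/...`; appending an `ldap/db.harfang.homelinux.org@HARFANG.HOMELINUX.ORG` row to the listing makes the check pass. Against a real host, replace `FAKE_CANONICAL_NAME.get` with a function that resolves the name and reverse-looks-up the address, and feed it the output of `klist -k`.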