[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LDAP/Kerberos/GSSAPI Error:Hostname cannot be canonicalized

On Tue, Jul 1, 2008 at 2:01 PM,  <fmayer@gmx.de> wrote:
> Hi list,
> I am trying to setup a LDAP-Server with SASL and Kerberos-authentication via
> GSSAPI. The Systems are running debian etch unsing the heimdal-implementation.
> [...]
>> fmayer@client:~$ ldapsearch
>> SASL/GSSAPI authentication started
>> ldap_sasl_interactive_bind_s: Local error (-2)
>>         additional info: SASL(-1): generic failure: GSSAPI Error: An invalid
> name was supplied
>>         (Hostname cannot be canonicalized)

I assume you are using a single host for this tests. Check /etc/hosts,
because debian/ubuntu has a strange (or something alike)
there. Also, they tend to force local node resolution to
there, so the reverse resolution check might fail.

The other thing that might be failing is the absence of a proper
.my.domain = MY.DOMAIN in the domain_realm section.

try running ldapsearch specifiying node name or addresses on command
line, and that will might produce clarifiying messages.

Javier Palacios