[Dovecot] LDAP and GSSAPI problems

Trever L. Adams trever.adams at gmail.com
Wed Feb 2 23:29:45 EET 2011


This is a continuation of a problem I have been having. Samba 4 has
recently changed to require binds. I need LDAP to verify users exist. I
am using Kerberos (GSSAPI) as the passdb. Samba can handle
GSSAPI/Kerberos SASL binds.

I have the following in my dovecot-ldap setup for userdb:

dn = smtp/mailhost.example.org@EXAMPLE.ORG
sasl_bind = yes
sasl_mech = GSSAPI
sasl_realm = EXAMPLE.ORG
sasl_authz_id = smtp/mailhost.example.org@EXAMPLE.ORG

Which gives me the following error.

 Debug: ldap(trever): user search: base=dc=example,dc=org scope=subtree
filter=(&(objectClass=person)(|(mail=trever)(sAMAccountName=trever)(userPrincipalName=trever)))
fields=userPrincipalName

dovecot: auth: Error: LDAP: binding failed (dn
smtp/mailhost.example.org@EXAMPLE.ORG): Local error, SASL(-1): generic
failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide
more information (Credentials cache file '/tmp/krb5cc_97' not found)

Additionally, I have "auth_krb5_keytab = /etc/dovecot/krb5.keytab" set up
for the GSSAPI user login.

The credential cache should be that file, should it not? If not, how do I
go about setting that up so that it will work?

Thank you,
Trever
-- 
"The only true happiness comes from squandering ourselves for a
purpose." -- William Cowper

