Thanks for pointing me in the right direction: After some more digging I found out that the problem was a mixture of some missing configuration files and some file permission problems on the slave! After having fixed all these things, everything works as expected! :)

Regards,
Christoph Spielmann

Guus Leeuw jr. wrote:
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:cyrus-sasl-[EMAIL PROTECTED] On Behalf Of Christoph Spielmann
>> Sent: 07 December 2007 10:12
>> To: cyrus-sasl@lists.andrew.cmu.edu
>> Subject: SASL [conn=2] Failure: GSSAPI Error: An unsupported mechanism
>> was requested (unknown mech-code 0 for mech unknown)
>>
>> Hi everybody!
>>
>
> Hi, Dr. Nick!
>
> [omitted for brevity]
>
>
>> For your information this is more or less the same configuration as the
>> main slapd with the few changes necessary for the replica-server...
>>
>> testsaslauthd works but when I try to connect to the replica-server
>> with ldapsearch I get the following
>>
>> ldapsearch -H ldap://slave.gup.uni-linz.ac.at cn=erebos
>> SASL/GSSAPI authentication started
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> additional info: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
>>
>
> This sounds to me as if the slave cannot check the ticket... Is it listed in
> the KDC?
> Does it know how to SASL by itself? (as in given that the userPassword is
> [EMAIL PROTECTED], can the slave authenticate the user?)
> Check /usr/lib(64)/sasl2/*.conf files for sasl settings.
>
>
>> the log on slave looks like this (I just post the interesting part):
>> ...
>> Dec 7 10:55:01 slave slapd[5314]: do_bind
>> Dec 7 10:55:01 slave slapd[5314]: >>> dnPrettyNormal: <>
>> Dec 7 10:55:01 slave slapd[5314]: <<< dnPrettyNormal: <>, <>
>> Dec 7 10:55:01 slave slapd[5314]: do_sasl_bind: dn () mech GSSAPI
>> Dec 7 10:55:01 slave slapd[5314]: conn=2 op=1 BIND dn="" method=163
>> Dec 7 10:55:01 slave slapd[5314]: ==> sasl_bind: dn="" mech=GSSAPI datalen=631
>> Dec 7 10:55:01 slave slapd[5314]: SASL [conn=2] Failure: GSSAPI Error: An unsupported mechanism was requested (unknown mech-code 0 for mech unknown)
>> Dec 7 10:55:01 slave slapd[5314]: send_ldap_result: conn=2 op=1 p=3
>> Dec 7 10:55:01 slave slapd[5314]: send_ldap_result: err=49 matched="" text="SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context"
>> Dec 7 10:55:01 slave slapd[5314]: send_ldap_response: msgid=2 tag=97 err=49
>> Dec 7 10:55:01 slave slapd[5314]: conn=2 op=1 RESULT tag=97 err=49 text=SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
>> Dec 7 10:55:01 slave slapd[5314]: <== slap_sasl_bind: rc=49
>> Dec 7 10:55:01 slave slapd[5314]: daemon: activity on 1 descriptor
>> Dec 7 10:55:01 slave slapd[5314]: daemon: activity on:
>> Dec 7 10:55:01 slave slapd[5314]: 11r
>> ...
>>
>> when I use simple bind (and uncomment the line access to * by * read)
>> everything works as expected too, so something must be wrong with
>> sasl...
>>
>> when I send the same search-query to the master-server (using the same
>> host as before) I get the desired results so on the client side
>> everything seems to be okay.
>>
>>
>
> [brevity]
>