Quoting "Pallissard, Matthew" <k...@pallissard.net>:

> You could also try pointing your new KDC to your old LDAP server to
> see whether or not the issue is with your LDAP instance or the KDC
> config.

That worked. In other words, the problem is with the new slapd server.

> You should check your slapd logs as well.

Nothing new there. Hold on! How can I have missed this?

  slapd[560]: GSSAPI Error: Unspecified GSS failure. \
    Minor code may provide more information \
    (Server ldap/localh...@example.com not found in Kerberos database)

So, it's attempting to authenticate to the Kerberos master as
'localhost'... and it turns out that I had not successfully replicated
the DIT after all. Doh!

> Also, now that I'm looking at config you originally posted a little
> more closely, it looks like you're missing the 'ldap_servers' line ...

Omitting that line causes it to connect to ldapi:///. It probably
doesn't make a difference, since I don't use it elsewhere, but I'll
keep an eye on it.

> and that you've misspelled 'ladap_conns_per_server'.

Thanks for spotting that. It's a mistake I made years ago and never
noticed. But, in this case fixing it made no difference.

> FWIW here's a stripped down working config that I've used.

I'll check it out later after I've fixed the localhost problem.

Thanks!

Jaap
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos