SASL problems with spnego on 8.0-BETA4

John Marshall john.marshall at riverwillow.com.au
Fri Sep 18 03:49:43 UTC 2009 

On Thu, 17 Sep 2009, 21:28 +0300, George Mamalakis wrote:
> Dear all,
> 
> I am trying to setup ldap with heimdal on my fbsd 8.0-BETA4 and when I 
> run ldapsearch to see if I can authenticate via GSSAPI I keep getting 
> the following error:
> 
> [root at ldap root]# ldapsearch  -H "ldap://ldap.example.com/" -b 
> "dc=example,dc=com"
> SASL/GSSAPI authentication started
> dlopen: /usr/lib/libgssapi_spnego.so.10: Undefined symbol 
> "GSS_C_NT_HOSTBASED_SERVICE"
> ldap_sasl_interactive_bind_s: Local error (-2)
> 
> 
> in ldap.conf (loglevel args stats) I am getting:
> 
> Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 ACCEPT from 
> IP=192.168.35.10:32598 (IP=0.0.0.0:389)
> Sep 17 21:24:46 ldap slapd[44607]: connection_get(13)
> Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 closed (connection lost)
> 
> The ports I installed are:
> 
> cyrus-sasl-2.1.23
> openldap-sasl-client-2.4.18
> openldap-sasl-server-2.4.18_1
> 
> I cannot resolve this issue, so if anyone knows anything, I would be 
> grateful if I could have a hint.
> 
> Thank you all for your time in advance.

I don't remember if the symptoms I saw were identical, but I couldn't
use GSSAPI to authenticate to OpenLDAP on 8.0-BETA2.  I solved my
problem by installing a newer Heimdal as a port and then rebuilding
SASL2 against the newer Heimdal.

NB. To build security/cyrus-sasl2 against the Heimdal port, I added the
following line to my /usr/local/etc/ports.conf (see:
ports-mgmt/portconf)

  security/cyrus-sasl2: HEIMDAL_HOME=/usr/local

FreeBSD 8.0 includes Heimdal 1.1.0 in the base system.  The Heimdal port
is older (1.0.1).  The heimdal-1.2.1 port patch I used was submitted to
GNATS a couple of hours ago.  No response from GNATS yet but it should
be available there sometime soon.

-- 
John Marshall
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20090918/ffc040d2/attachment.pgp

More information about the freebsd-stable mailing list