SASL problems with spnego on 8.0-BETA4

George Mamalakis mamalos at eng.auth.gr
Fri Sep 18 11:19:40 UTC 2009 

John Marshall wrote:
> On Thu, 17 Sep 2009, 21:28 +0300, George Mamalakis wrote:
>   
>> Dear all,
>>
>> I am trying to setup ldap with heimdal on my fbsd 8.0-BETA4 and when I 
>> run ldapsearch to see if I can authenticate via GSSAPI I keep getting 
>> the following error:
>>
>> [root at ldap root]# ldapsearch  -H "ldap://ldap.example.com/" -b 
>> "dc=example,dc=com"
>> SASL/GSSAPI authentication started
>> dlopen: /usr/lib/libgssapi_spnego.so.10: Undefined symbol 
>> "GSS_C_NT_HOSTBASED_SERVICE"
>> ldap_sasl_interactive_bind_s: Local error (-2)
>>
>>
>> in ldap.conf (loglevel args stats) I am getting:
>>
>> Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 ACCEPT from 
>> IP=192.168.35.10:32598 (IP=0.0.0.0:389)
>> Sep 17 21:24:46 ldap slapd[44607]: connection_get(13)
>> Sep 17 21:24:46 ldap slapd[44607]: conn=11 fd=13 closed (connection lost)
>>
>> The ports I installed are:
>>
>> cyrus-sasl-2.1.23
>> openldap-sasl-client-2.4.18
>> openldap-sasl-server-2.4.18_1
>>
>> I cannot resolve this issue, so if anyone knows anything, I would be 
>> grateful if I could have a hint.
>>
>> Thank you all for your time in advance.
>>     
>
> I don't remember if the symptoms I saw were identical, but I couldn't
> use GSSAPI to authenticate to OpenLDAP on 8.0-BETA2.  I solved my
> problem by installing a newer Heimdal as a port and then rebuilding
> SASL2 against the newer Heimdal.
>
> NB. To build security/cyrus-sasl2 against the Heimdal port, I added the
> following line to my /usr/local/etc/ports.conf (see:
> ports-mgmt/portconf)
>
>   security/cyrus-sasl2: HEIMDAL_HOME=/usr/local
>
> FreeBSD 8.0 includes Heimdal 1.1.0 in the base system.  The Heimdal port
> is older (1.0.1).  The heimdal-1.2.1 port patch I used was submitted to
> GNATS a couple of hours ago.  No response from GNATS yet but it should
> be available there sometime soon.
>
>   
John,

thank you for your answer, first of all. Now to your email:

Could you please send me the location from where you downloaded the 
heimdal-1.2.1 ? I would really appreciate it if you could send it to me 
to test it on my machine so as to proceed with my configuration. Thank 
you for your time in advance.

-- 
George Mamalakis

IT Officer
Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
MSc (Imperial College of London)

Department of Electrical and Computer Engineering
Faculty of Engineering
Aristotle University of Thessaloniki

phone number : +30 (2310) 994379

More information about the freebsd-stable mailing list