Hi. I'm trying to get Linux working with a Windows 2000 Server; in
particular, I'm trying to get it working with Active Directory.
I _basically_ have it working right now. I've set up Heimdal Kerberos
5 so that I can use kinit to get a TGT from the Win2K KDC. I've set
up the OpenLDAP tools so they know to look at the 2K machine. I can
do, e.g., `ldapsearch -x' and get (correct) information.
The problem I'm having now is that I can't authenticate to AD, and as
a result it won't feed me complete information. I can change the ACLs
on the 2K box so that "everyone" has access and then everything works
as I want. But that obviously isn't a satisfactory long-term
solution.
So basically what I need is a step-by-step, cookbook-style explanation
of how the hell to get Kerberos working with the OpenLDAP tools.
There is a Kerberos option listed in the man page, but that's only
Kerberos v4 (Win2K requires v5). There is a whole bunch of
gobbledygook about SASL which makes no sense to me, but whenever I try
to use it, it says:
    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Local error
The appropriate plugins for SASL are installed (i.e., the Heimdal
Kerberos one). But I can't get the sample-server and -client programs
to work, either:
    Choosing best mechanism from: GSSAPI
    sample-client: Starting SASL negotiation: generic failure
Note that these are quite possibly the two worst error messages I have
ever seen.
I'm beginning to suspect that part of my problem here is that I have
no idea what SASL actually is.
I just want to use Kerberos to authenticate to an LDAP server.
Kerberos works on its own; LDAP works on its own; but they don't work
together. Is there anything else I can try? FWIW, I'm running
Debian; it's possible that I need some support that's not compiled
in. (But I have no idea what support I would need, so please tell
me.)
--
"I woke up this morning and realized what the game needed: pirates,
pimps, and gay furries." - Rich "Lowtax" Kyanka
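A troubleshooting script for the failure described above, added here as an example and not part of the original post. "Local error" from ldap_sasl_interactive_bind_s (and the sample-client's "generic failure") mean the GSSAPI step failed on the client before the server replied, so the script checks the usual client-side causes (no TGT, no ldap/<fqdn> service principal, clock skew) and classifies the output of a debug-traced bind. The LDAP host and search base are placeholders the caller supplies; ldapsearch -Y GSSAPI and -d are real OpenLDAP options.

```shell
#!/bin/sh
# Added example (not the poster's or the OpenLDAP project's code).
# Pre-flight checks for an OpenLDAP SASL/GSSAPI bind against an AD
# domain controller, plus a classifier for the client-side errors.

# Map client-side error text to the most likely cause and the check
# that confirms it. Specific Kerberos messages are matched first; the
# bare "Local error" / "generic failure" only say the GSS call failed
# locally, so the advice is to rerun with tracing to get the minor status.
diagnose_sasl_error() {
    case "$1" in
        *"No credentials cache"*|*"Ticket expired"*)
            echo "no-tgt: run kinit and confirm with klist" ;;
        *"Server not found in Kerberos database"*)
            echo "no-service-ticket: KDC has no ldap/<fqdn> principal; check the DNS name used" ;;
        *"Clock skew"*)
            echo "clock-skew: sync the client clock with the KDC" ;;
        *"Local error"*|*"generic failure"*)
            echo "local-gss-failure: rerun with -d 1 to see the GSS minor status" ;;
        *)
            echo "unknown: inspect the full -d 1 output" ;;
    esac
}

# Run a base-scope GSSAPI bind with SASL/LDAP tracing enabled and feed
# whatever it printed to the classifier. $1 = DC fully qualified name
# (placeholder), $2 = search base such as "dc=example,dc=com".
gssapi_bind_check() {
    host="$1"; base="$2"
    # A TGT must already be in the cache; GSSAPI will not prompt for one.
    klist >/dev/null 2>&1 || { echo "no-tgt: run kinit and confirm with klist"; return 1; }
    # The service ticket requested is ldap/<canonical fqdn>@REALM, so the
    # name given here must resolve to the DC's real host name, not an alias.
    out=$(ldapsearch -H "ldap://$host" -Y GSSAPI -b "$base" -s base -d 1 2>&1)
    status=$?
    [ "$status" -eq 0 ] && { echo "ok"; return 0; }
    diagnose_sasl_error "$out"
    return "$status"
}

# Usage: gssapi_bind_check dc1.example.com "dc=example,dc=com"
```

With "everyone" granted read access the anonymous search succeeds, so an "ok" here means the bind itself is working and the ACLs can be tightened again.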