GSSAPI and LDAP

GSSAPI and LDAP

Brendan Kearney
i am trying to have my dhcpd instances access their configs from ldap
and want to use the ldap-gssapi-principal and ldap-gssapi-keytab
directives to specify authentication.  i seem to be having issues, and
documentation is a bit scarce as to what i need to do.

the keytab i have is valid and i can run "kinit -kt file.keytab
principal@REALM" and retrieve a TGT ticket.  ldapwhoami shows that the
id is being mapped correctly to the user object i have set up.

when i run a script with the below lines in it:

export KRB5_CLIENT_KTNAME=/etc/dhcp/dhcpd.keytab
reset ; dhcpd -d -4 -f -t -T -cf /etc/dhcp/dhcpd.conf.ldap bond0
export KRB5_CLIENT_KTNAME=

i get the below error:

Internet Systems Consortium DHCP Server 4.3.4
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Using ccache MEMORY:dhcp_ld_krb5_cc

Credentials are not present in cache (Matching credential not found)

No valid krb5 credentials

Err: Failed to get initial credentials TGT
  -> Invalid argument

Error: Cannot SASL bind to ldap server server2.domain.tld:389: Can't
contact LDAP server
     Additional info: (null)
Configuration file errors encountered -- exiting

This version of ISC DHCP is based on the release available
on ftp.isc.org.  Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.

Please report for this software via the Red Hat Bugzilla site:
     http://bugzilla.redhat.com

exiting.

what am i missing?  how can i get gssapi based auth working for dhcpd?

thanks in advance,

brendan

_______________________________________________
dhcp-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/dhcp-users

Re: GSSAPI and LDAP

Michael Ströder
Brendan Kearney wrote:

> i am trying to have my dhcpd instances access their configs from ldap and want
> to use the ldap-gssapi-principal and ldap-gssapi-keytab directives to specify
> authentication.
> [..]
> Credentials are not present in cache (Matching credential not found)
>
> No valid krb5 credentials
>
> Err: Failed to get initial credentials TGT
>  -> Invalid argument
Are you running chroot-ed?

Ciao, Michael.



Re: GSSAPI and LDAP

Brendan Kearney
On 12/03/2016 03:23 PM, Michael Ströder wrote:
> Brendan Kearney wrote:
>> i am trying to have my dhcpd instances access their configs from ldap and want
>> to use the ldap-gssapi-principal and ldap-gssapi-keytab directives to specify
>> authentication.
>> [..]
>> Credentials are not present in cache (Matching credential not found)
>>
>> No valid krb5 credentials
>>
>> Err: Failed to get initial credentials TGT
>>  -> Invalid argument
> Are you running chroot-ed?
>
> Ciao, Michael.

no, i am not.

