Hi,
system: SuSE-9.2-x86_64, Kernel 2.6.8-24.11
hardware: asus A8V DELUXE, S-ATA Samsung SP0812C
memory: 2x512 MB Infineon
locale: DE_UTF-8
hosts: rubin with amd64, marin with x386
I experience a strange resolver problem with OpenLDAP and I'm not
sure whether this is an x86_64 issue or an OpenLDAP issue.
Just to demonstrate the problem
,----[ with domain name]
| dieter@rubin:~> ldapsearch -H ldap://marin.l4b.de -b "ou=adressbuch,o=avci,c=de" -s one sn=blei -x
| ldap_bind: Can't contact LDAP server (-1)
`----
,----[ with network address ]
| dieter@rubin:~> ldapsearch -H ldap://192.168.100.95 -b "ou=adressbuch,o=avci,c=de" -s one sn=blei -x
| # extended LDIF
| #
| # LDAPv3
| # base with scope one
| # filter: sn=blei
| # requesting: ALL
| [...]
`----
I cannot authenticate with Kerberos GSSAPI from this host to any other
LDAP server in my network, but OpenSSH and GSSAPI work flawlessly. On
the other side, a simple bind works with remote clients
,----[ simple bind from remote host ]
| dieter@marin:~> ldapsearch -H ldap://rubin.l4b.de -b ou=adressbuch,o=avci,c=de -s one sn=blei -x
| # extended LDIF
| #
| # LDAPv3
| # base with scope one
`----
but a gssapi bind fails
,----[ gssapi bind from remote host ]
| dieter@marin:~> ldapsearch -H ldap://rubin.l4b.de -b ou=adressbuch,o=avci,c=de -s one sn=blei -Y gssapi
| SASL/GSSAPI authentication started
| ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
`----
The last lines of strace follow
,----[ strace log ]
| endto(0, "\355I\1\0\0\1\0\0\0\0\0\0\5rubin\3l4b\2de\0\0\1\0\1", 30, 0, NULL, 0) = -1 ENOTSOCK (Socket operation on non-socket)
| sendto(0, "\355I\1\0\0\1\0\0\0\0\0\0\5rubin\3l4b\2de\0\0\1\0\1", 30, 0, NULL, 0) = -1 ENOTSOCK (Socket operation on non-socket)
| brk(0x547000) = 0x547000
| open("/etc/hosts", O_RDONLY) = 4
| fcntl(4, F_SETFD, FD_CLOEXEC) = 0
| fstat(4, {st_mode=S_IFREG|0644, st_size=682, ...}) = 0
| mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a96f4a000
| read(4, "#\n# hosts This file desc"..., 4096) = 682
| read(4, "", 4096) = 0
| lseek(4, 0, SEEK_SET) = 0
| read(4, "#\n# hosts This file desc"..., 4096) = 682
| close(4) = 0
| munmap(0x2a96f4a000, 4096) = 0
| stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=25, ...}) = 0
| close(0) = 0
| close(0) = -1 EBADF (Bad file descriptor)
| --- SIGSEGV (Segmentation fault) @ 0 (0) ---
| +++ killed by SIGSEGV +++
`----
The file /etc/resolv.conf is not corrupted or latin-1 encoded
,----[ output of file ]
| dieter@rubin:/etc> file resolv.conf
| resolv.conf: ASCII text, with no line terminators
`----
Just to avoid kerberos configuration discussions, the file
/etc/krb5.keytab is readable and service principals have been created
for ldap and the keys have been exported to keytab.
Any hints?
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53
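
The payload of the failing sendto() call in the strace log above, decoded as an added example (not part of the original post): it unescapes strace's string and parses it as a DNS message, showing which name the resolver was querying on file descriptor 0 when it got ENOTSOCK. The function names are illustrative.

```python
import re
import struct

# Payload string copied from the sendto() line of the strace log in the post.
STRACE_ARG = r"\355I\1\0\0\1\0\0\0\0\0\0\5rubin\3l4b\2de\0\0\1\0\1"
QTYPES = {1: "A", 12: "PTR", 28: "AAAA", 33: "SRV"}


def strace_unescape(s: str) -> bytes:
    """Convert strace's C-style string (octal and simple escapes) to bytes."""
    simple = {"n": b"\n", "t": b"\t", "r": b"\r", "v": b"\v", "f": b"\f",
              "\\": b"\\", '"': b'"'}
    out = bytearray()
    for octal, esc, lit in re.findall(r"\\([0-7]{1,3})|\\(.)|(.)", s, re.S):
        if octal:
            out.append(int(octal, 8))
        elif esc:
            out += simple[esc]
        else:
            out += lit.encode("latin-1")
    return bytes(out)


def parse_dns_query(msg: bytes) -> dict:
    """Parse the header and first question of a DNS message (RFC 1035)."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, qdcount = struct.unpack("!3H", msg[:6])
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0 or pos + n > len(msg):
            raise ValueError("bad label length")
        labels.append(msg[pos:pos + n].decode("ascii"))
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", msg[pos:pos + 4])
    return {"id": ident, "is_query": flags >> 15 == 0,
            "recursion_desired": bool(flags >> 8 & 1), "qdcount": qdcount,
            "name": ".".join(labels), "qtype": QTYPES.get(qtype, qtype),
            "qclass": qclass, "length": pos + 4}


if __name__ == "__main__":
    print(parse_dns_query(strace_unescape(STRACE_ARG)))
```
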