ldapsearch and kerberos authentication

You may be missing the libsasl2-modules-gssapi-mit package.

Without:

# ldapsearch -H ldap://dc1 -Y GSSAPI -b 'DC=ad-test,DC=vx'
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
    additional info: SASL(-4): no mechanism available: No worthy mechs found

Install:

# apt install libsasl2-modules-gssapi-mit

With:

# ldapsearch -H ldap://dc1 -Y GSSAPI -b 'DC=ad-test,DC=vx'
SASL/GSSAPI authentication started
SASL username: [email protected]
SASL SSF: 256
SASL data security layer installed.
...

SASL is enabled by default, and will auto-detect a compatible mechanism, so specifying -Y GSSAPI isn't even necessary:

# ldapsearch -H ldap://dc1 -b 'DC=ad-test,DC=vx'
SASL/GSSAPI authentication started
SASL username: [email protected]
SASL SSF: 256
SASL data security layer installed.
...

ldapsearch and kerberos authentication

Tags:

Debian

Kerberos

Related

Recent Posts