GSSAPI and LDAP

Brendan Kearney bpk678 at gmail.com
Sat Dec 3 20:07:36 UTC 2016


i am trying to have my dhcpd instances access their configs from ldap 
and want to use the ldap-gssapi-principal and ldap-gssapi-keytab 
directives to specify authentication.  i seem to be having issues, and 
documentation is a bit scarce as to what i need to do.

the keytab i have is valid and i can run "kinit -kt file.keytab 
principal@REALM" and retrieve a TGT ticket.  ldapwhoami shows that the 
id is being mapped correctly to the user object i have set up.

when i run a script with the below lines in it:

export KRB5_CLIENT_KTNAME=/etc/dhcp/dhcpd.keytab
reset ; dhcpd -d -4 -f -t -T -cf /etc/dhcp/dhcpd.conf.ldap bond0
export KRB5_CLIENT_KTNAME=

i get the below error:

Internet Systems Consortium DHCP Server 4.3.4
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Using ccache MEMORY:dhcp_ld_krb5_cc

Credentials are not present in cache (Matching credential not found)

No valid krb5 credentials

Err: Failed to get initial credentials TGT
  -> Invalid argument

Error: Cannot SASL bind to ldap server server2.domain.tld:389: Can't contact LDAP server
     Additional info: (null)
Configuration file errors encountered -- exiting

This version of ISC DHCP is based on the release available
on ftp.isc.org.  Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.

Please report for this software via the Red Hat Bugzilla site:
     http://bugzilla.redhat.com

exiting.

what am i missing?  how can i get gssapi based auth working for dhcpd?

thanks in advance,

brendan


