[sudo-users] Sudo, nss_ldap, SASL problem
Brandon Ewing
marlboro at warningg.com
Fri Apr 20 14:43:25 EDT 2007
Disregard previous. :)
CentOS 4.x nss_ldap was compiled without the configuration flag that enabled
the krb5_ccname flag in /etc/ldap.conf. Respec'd the RPM, recompiled,
reinstalled, works fine now.
Brandon
> -----Original Message-----
> From: sudo-users-bounces at courtesan.com
> [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Brandon Ewing
> Sent: Friday, April 20, 2007 11:17 AM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] Sudo, nss_ldap, SASL problem
>
> Greetings,
>
> I am testing out a Kerberos/LDAP installation against a Microsoft AD server.
> My test platform is CentOS 4.x running nss_ldap-226 and sudo-1.6.7p5 (both
> from CentOS RPMs).
>
> Currently, we are not using a binddn in /etc/ldap.conf to access the
> Microsoft LDAP service - we are instead using SASL (with a cached machine
> ticket) to authorize access to the LDAP service:
>
> (/etc/ldap.conf):
>
> use_sasl on
> sasl_authid test$@EXAMPLE.COM
> rootsasl_authid test$@EXAMPLE.COM
> rootuse_sasl yes
>
> I am able to log in via Kerberos, and then getent passwd and get the full
> user list - however, attempting to run sudo as a kerberos user results in
> the following:
>
> -bash-3.00$ getent passwd bob
> bob:!:10000:10000:Bob Dole:/home:/bin/bash
> -bash-3.00$ sudo su -
> sudo: uid 10000 does not exist in the passwd file!
>
> And in /var/log/messages:
> Apr 20 10:51:49 localhost sudo: GSSAPI Error: Miscellaneous failure (No
> credentials cache found)
>
> Is there a solution to this, other than putting a binddn in the ldap.conf
> (something we would prefer NOT to do)?
>
> Brandon
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
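An added example, not code from the thread or from nss_ldap, showing the two checks behind the fix above. sudo is setuid root, so its getpwuid() lookup of the invoking uid is served by nss_ldap running as root; with rootuse_sasl the GSSAPI bind is then attempted as root, which has no KRB5CCNAME from the user's login session, hence "No credentials cache found" and "uid 10000 does not exist in the passwd file". The krb5_ccname option in /etc/ldap.conf points nss_ldap at a cache kept warm from the host keytab, but it is only honoured when libnss_ldap was built with that option compiled in, which is what the stock CentOS 4 RPM lacked. The library path /lib/libnss_ldap.so.2, the cache location FILE:/var/run/ldap.cc and the sample config below are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread or from nss_ldap).
# Two checks: does the nss_ldap build honour krb5_ccname at all, and does
# /etc/ldap.conf give a setuid-root process like sudo a credentials cache
# to bind with. Library path and cache location are assumptions.

# Return 0 if the shared object carries the "krb5_ccname" option keyword
# in its string table (the keyword is only present when the feature was
# compiled in), 1 if it does not, 2 if the file cannot be read.
nss_ldap_has_krb5_ccname() {
    lib="${1:-/lib/libnss_ldap.so.2}"
    [ -r "$lib" ] || return 2
    # Portable stand-in for strings(1): split on non-printable bytes.
    tr -c '[:print:]' '\n' < "$lib" | grep -qx 'krb5_ccname'
}

# Print one line per option a SASL-only /etc/ldap.conf is missing for
# root lookups; return 0 when nothing is missing. The keyword match is
# anchored (so "rootuse_sasl" does not satisfy "use_sasl") and ignores
# case, as nss_ldap's parser does.
ldap_conf_missing() {
    conf="${1:-/etc/ldap.conf}"
    rc=0
    for key in use_sasl rootuse_sasl sasl_authid rootsasl_authid krb5_ccname; do
        if ! grep -Eiq "^[[:space:]]*$key[[:space:]]+[^[:space:]]" "$conf"; then
            echo "$key"
            rc=1
        fi
    done
    # A binddn is exactly what the poster wanted to avoid; flag it too.
    if grep -Eiq '^[[:space:]]*binddn[[:space:]]' "$conf"; then
        echo "binddn (present but unwanted in a SASL-only setup)"
        rc=1
    fi
    return $rc
}

# Constructed config in the shape of the one posted, plus the krb5_ccname
# line the fix relies on. The cache named here is assumed to be refreshed
# from the host keytab (e.g. a cron job or k5start running "kinit -k").
fixed_conf=$(mktemp)
cat > "$fixed_conf" <<'EOF'
use_sasl on
sasl_authid test$@EXAMPLE.COM
rootuse_sasl yes
rootsasl_authid test$@EXAMPLE.COM
krb5_ccname FILE:/var/run/ldap.cc
EOF

if ldap_conf_missing "$fixed_conf" >/dev/null; then
    echo "ldap.conf: root SASL lookups have a credentials cache configured"
fi
rm -f "$fixed_conf"
```

Run `nss_ldap_has_krb5_ccname` against the installed library before touching ldap.conf: a clean config is worthless if the option is silently ignored, and the only symptom is the same GSSAPI error in /var/log/messages.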