Hi,
First, thanks a lot for this great product! Very helpful!
My currently installed release version is 5.0-1 errata302 (installed on a KVM). Well, I’m trying to connect from a Linux machine to the UCS using a tool called msktutil (version 2.1 found on github) and I’m getting the following error:
Error: ldap_sasl_interactive_bind_s failed (Unknown authentication method)
additional info: SASL(-4): no mechanism available: No worthy mechs found
Error: ldap_connect failed
On purpose, I didn’t include in this post, all options I used with msktutil (and kinit, krb5.conf) because those tools are too specific but if needed, I can share them. Instead, I share with you the output of the more classical command “ldapsearch” that produces a similar error when used with or without the ‘-Y’ option. Without the -Y the command works properly as follows (I get a response with the right content):
ldapsearch -v -LLL -D 'cn=administrator,cn=users,dc=example,dc=com' -w $(cat /usr/etc/openldap/ldap.passwd) -b 'cn=computers,dc=example,dc=com' cn=proxy
when explicitly specifying the SASL mechanism using the option -Y, the ldapsearch command returns errors as follows:
ldapsearch -v -LLL -D 'cn=administrator,cn=users,dc=example,dc=com' -w $(cat /usr/etc/openldap/ldap.passwd) -b 'cn=computers,dc=example,dc=com' -Y GSSAPI cn=proxy
ldap_initialize( <DEFAULT> )
ldap_sasl_interactive_bind: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: No worthy mechs found
As you can see, I’m using the SASL mechanism GSSAPI (with the -Y option).
My first question is: what SASL mechs are supported by UCS (samba4)?
My second question: maybe I’m completely on a wrong way. Any suggestions about what should I do to make it work?
FYI there is an option with the msktutil that allows you to specify the SASL mechanisms so that’s why I’m looking for supported SASL mechanisms by UCS. Without any options, msktutil tries the following SASL mechanisms: GSS-SPNEGO and GSSAPI. But non of them works.
Thank is advance and Best Regards,
UTM