[Samba] openindiana GSSAPI failure to samba 4.6.6

Ralph Böhme slow at samba.org
Fri Jul 28 13:45:58 UTC 2017

On Fri, Jul 28, 2017 at 09:20:29AM -0400, Greg Dickie via samba wrote:
> Hi,
>  We recently updated our AD servers to 4.6.6 and one of the things that
> stopped working was our zfs server running illumos. The idmap daemon is
> trying to bind to ldap using sasl/GSSAPI and is failing with
> additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
> failure.  Minor code may provide more information (Client not found in
> Kerberos database)

not 100% sure, but iirc this one should help:

ldap server require strong auth = allow_sasl_over_tls

Cf https://www.samba.org/samba/security/CVE-2016-2112.html


More information about the samba mailing list