[Samba] openindiana GSSAPI failure to samba 4.6.6
Greg Dickie
greg at justaguy.ca
Sat Jul 29 11:38:21 UTC 2017
Hi Ralphe,
I actually had already set that parameter to no to fix another problem.
This really looks like a kerberos issue.
Thanks for the reply,
Greg
On Fri, Jul 28, 2017 at 9:45 AM, Ralph Böhme <slow at samba.org> wrote:
> On Fri, Jul 28, 2017 at 09:20:29AM -0400, Greg Dickie via samba wrote:
> > Hi,
> >
> > We recently updated our AD servers to 4.6.6 and one of the things that
> > stopped working was our zfs server running illumos. The idmap daemon is
> > trying to bind to ldap using sasl/GSSAPI and is failing with
> >
> > additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
> > failure. Minor code may provide more information (Client not found in
> > Kerberos database)
>
> not 100% sure, but iirc this one should help:
>
> ldap server require strong auth = allow_sasl_over_tls
>
> Cf https://www.samba.org/samba/security/CVE-2016-2112.html
>
> -slow
>
--
Greg Dickie
just a guy
514-983-5400
More information about the samba
mailing list