 We recently updated our AD servers to 4.6.6 and one of the things that
stopped working was our zfs server running illumos. The idmap daemon is
trying to bind to ldap using sasl/GSSAPI and is failing with

additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
failure.  Minor code may provide more information (Client not found in
Kerberos database)

I think this is usually caused by DNS inconsistencies but everthing looks
fine and it was working before the upgrade.

klist shows tickets
and doing and ldapsearch on the command line using GSSAPI seems to work

Has anyone encountered this? Any idea how to debug?



Greg Dickie
just a guy
