Web lists-archives.com

Re: [Samba] openindiana GSSAPI failure to samba 4.6.6




On Fri, Jul 28, 2017 at 09:20:29AM -0400, Greg Dickie via samba wrote:
> Hi,
> 
>  We recently updated our AD servers to 4.6.6 and one of the things that
> stopped working was our zfs server running illumos. The idmap daemon is
> trying to bind to ldap using sasl/GSSAPI and is failing with
> 
> additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
> failure.  Minor code may provide more information (Client not found in
> Kerberos database)

not 100% sure, but iirc this one should help:

ldap server require strong auth = allow_sasl_over_tls

Cf https://www.samba.org/samba/security/CVE-2016-2112.html

-slow

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba