Web lists-archives.com

Re: [Samba] openindiana GSSAPI failure to samba 4.6.6




Hi Ralphe,

   I actually had already set that parameter to no to fix another problem.
This really looks like a kerberos issue.

Thanks for the reply,
Greg

On Fri, Jul 28, 2017 at 9:45 AM, Ralph Böhme <slow@xxxxxxxxx> wrote:

> On Fri, Jul 28, 2017 at 09:20:29AM -0400, Greg Dickie via samba wrote:
> > Hi,
> >
> >  We recently updated our AD servers to 4.6.6 and one of the things that
> > stopped working was our zfs server running illumos. The idmap daemon is
> > trying to bind to ldap using sasl/GSSAPI and is failing with
> >
> > additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
> > failure.  Minor code may provide more information (Client not found in
> > Kerberos database)
>
> not 100% sure, but iirc this one should help:
>
> ldap server require strong auth = allow_sasl_over_tls
>
> Cf https://www.samba.org/samba/security/CVE-2016-2112.html
>
> -slow
>



-- 


Greg Dickie
just a guy
514-983-5400
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba