This is a continuation of a problem I have been having. Samba 4 has recently changed to require binds. I need LDAP to verify users exist. I am using Kerberos (GSSAPI) as the passdb. Samba can handle GSSAPI/Kerberos SASL binds.
I have the following in my dovecot-ldap setup for userdb:
    dn = smtp/mailhost.example.org@EXAMPLE.ORG
    sasl_bind = yes
    sasl_mech = GSSAPI
    sasl_realm = EXAMPLE.ORG
    sasl_authz_id = smtp/mailhost.example.org@EXAMPLE.ORG
Which gives me the following error.
Debug: ldap(trever): user search: base=dc=example,dc=org scope=subtree filter=(&(objectClass=person)(|(mail=trever)(sAMAccountName=trever)(userPrincipalName=trever))) fields=userPrincipalName
dovecot: auth: Error: LDAP: binding failed (dn smtp/mailhost.example.org@EXAMPLE.ORG): Local error, SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credentials cache file '/tmp/krb5cc_97' not found)
Additionally, I have "auth_krb5_keytab = /etc/dovecot/krb5.keytab" set up for the GSSAPI user login.
The credential cache should be that file, should it not? If not, how do I go about setting that up so that it will work?
Thank you, Trever
"The only true happiness comes from squandering ourselves for a purpose." -- William Cowper