From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Description of problem:
After setting up a slave-slapd and creating a principal for that host on the master-kdc, still no sasl-authentication is possible for a client-request. No problems to query the master-slapd with sasl-authentication. The keytab-file on the slave is extracted and in /etc/sysconfig/ldap I also point the daemon to the keytab file. All permissions are set correctly.

The error message on the client:

    ldapsearch -h file.rhel.homelinux.com -b "dc=example,dc=com" "(uid=tscherf)"
    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Unknown error
            additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; No principal in keytab matches desired name;

This error also exists on other machines where we tested the same setup.

Version-Release number of selected component (if applicable):
openldap-2.0.27-11

How reproducible:
Always

Steps to Reproduce:
1. Set up a slapd with sasl-authentication
2. Create a principal for this host on the kdc, extract the keytab
3. Query the slave-slapd

Actual Results:

    ldapsearch -h file.rhel.homelinux.com -b "dc=example,dc=com" "(uid=tscherf)"
    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Unknown error
            additional info: GSSAPI: gss_acquire_cred: Miscellaneous failure; No principal in keytab matches desired name;

Expected Results:
The correct entry, as it is shown if asking the master-slapd

Additional info:

Not a bug. You have to point the sasl-host name in slapd.conf (on the slave) to the slave-slapd, not to the master. After that, everything works as expected.
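
An added example, not part of the original report: a Python check that the service principal slapd will ask for (ldap/<sasl-host>) is actually present in the slave's keytab, which is the mismatch behind "No principal in keytab matches desired name". The master hostname, realm, `klist -k` listing and slapd.conf fragments are constructed samples, and falling back to the local FQDN when sasl-host is unset is an assumption.

```python
import re

# Constructed sample: `klist -k` output for the keytab extracted on the slave.
KLIST_SLAVE = """\
Keytab name: FILE:/path/to/ldap.keytab
KVNO Principal
---- ------------------------------------------------------------
   3 ldap/file.rhel.homelinux.com@EXAMPLE.COM
   3 ldap/file.rhel.homelinux.com@EXAMPLE.COM
"""

# Constructed slapd.conf fragments: one copied unchanged from the master,
# one corrected as described in the resolution comment.
CONF_COPIED_FROM_MASTER = "sasl-host   master.example.com\nsasl-realm  EXAMPLE.COM\n"
CONF_FIXED = "sasl-host   file.rhel.homelinux.com\nsasl-realm  EXAMPLE.COM\n"


def sasl_host(slapd_conf):
    """Return the sasl-host value from slapd.conf text, or None if unset."""
    for line in slapd_conf.splitlines():
        fields = line.split()
        if fields and not line.lstrip().startswith("#"):
            if fields[0].lower() == "sasl-host" and len(fields) > 1:
                return fields[1]
    return None


def keytab_principals(klist_output):
    """Extract the principal names from `klist -k` output."""
    found = re.findall(r"^\s*\d+\s+(\S+@\S+)", klist_output, re.MULTILINE)
    return set(found)


def check_service_principal(slapd_conf, klist_output, local_fqdn, service="ldap"):
    """Return (wanted_name, present) for the principal slapd will request."""
    # Assumption: with no sasl-host set, the local FQDN is used instead.
    host = sasl_host(slapd_conf) or local_fqdn
    wanted = f"{service}/{host}"
    present = any(p.split("@", 1)[0] == wanted
                  for p in keytab_principals(klist_output))
    return wanted, present


if __name__ == "__main__":
    for name, conf in (("copied from master", CONF_COPIED_FROM_MASTER),
                       ("fixed", CONF_FIXED)):
        wanted, ok = check_service_principal(conf, KLIST_SLAVE,
                                             "file.rhel.homelinux.com")
        print(f"{name}: wants {wanted} -> {'in keytab' if ok else 'MISSING'}")
```

Run against the real files by passing the contents of the slave's slapd.conf and the output of `klist -k` on its keytab.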