[squid-users] Re: msktutil: Error: ldap_set_option (option=) failed (Can't contact LDAP server)

Can you post the whole output of msktutil with --verbose please. If msktutil
fails with TLS on port 389 it will try again without TLS.

Regards
Markus

"Tom Tux" <tomtux80_at_gmail.com> wrote in message
news:AANLkTil1Fhq5Ks3NX8MoSTKIC2qOACz1xpMp6wH6RpkD_at_mail.gmail.com...
this works. I'm also able to telnet with tcp 636 (ldaps).

I'm just searching for a solution to kerberise squid without the need
of winbind/smb.

2010/6/28 Nick Cairncross <Nick.Cairncross_at_condenast.co.uk>:
> They seem ok.
>
> Telnet to your dc on 389?
>
>
> On 28/06/2010 14:40, "Tom Tux" <tomtux80_at_gmail.com> wrote:
>
> which ldap-libraries should be installed?
> The following devel-packages are installed (SLES11-System):
> - openldap2-devel
> - cyrus-sasl-devel
>
>
>
> 2010/6/28 Nick Cairncross <Nick.Cairncross_at_condenast.co.uk>:
>> Missing ldap libraries maybe?
>>
>>
>> On 28/06/2010 12:32, "Tom Tux" <tomtux80_at_gmail.com> wrote:
>>
>> Hi
>>
>> I'm trying to generate a computer-account with msktutil:
>>
>> I got the following error:
>> ...
>> ...
>> - ldap_connect: Connecting to LDAP server: dc1.domain.com try_tls=YES
>> SASL/GSSAPI authentication started
>> SASL username: admin_at_DOMAIN.COM
>> SASL SSF: 0
>> Error: ldap_set_option (option=) failed (Can't contact LDAP server)
>> -- ~KRB5Context: Destroying Kerberos Context
>>
>>
>>
>> I have a valid ticket (klist), initiated with adminuser_at_DOMAIN.COM.
>> Have someone any hints? I see, that the msktutil tries with tls
>> (encrypted) on port 389 (ldap) on the domain-controller. Can I use
>> native (unencrypted) ldap?
>>
>> Thanks a lot.
>> Tom
>>
>>
>> ** Please consider the environment before printing this e-mail **
>>
>> The information contained in this e-mail is of a confidential nature and
>> is intended only for the addressee. If you are not the intended
>> addressee, any disclosure, copying or distribution by you is prohibited
>> and may be unlawful. Disclosure to any party other than the addressee,
>> whether inadvertent or otherwise, is not intended to waive privilege or
>> confidentiality. Internet communications are not secure and therefore
>> Conde Nast does not accept legal responsibility for the contents of this
>> message. Any views or opinions expressed are those of the author.
>>
>> Company Registration details:
>> The Conde Nast Publications Ltd
>> Vogue House
>> Hanover Square
>> London W1S 1JU
>>
>> Registered in London No. 226900
>>
>
>
> The information contained in this e-mail is of a confidential nature and
> is intended only for the addressee. If you are not the intended addressee,
> any disclosure, copying or distribution by you is prohibited and may be
> unlawful. Disclosure to any party other than the addressee, whether
> inadvertent or otherwise, is not intended to waive privilege or
> confidentiality. Internet communications are not secure and therefore
> Conde Nast does not accept legal responsibility for the contents of this
> message. Any views or opinions expressed are those of the author.
>
> The Conde Nast Publications Ltd (No. 226900), Vogue House, Hanover Square,
> London W1S 1JU
>
Received on Mon Jun 28 2010 - 23:26:48 MDT