Service fail to start #6
Comments
|
Hi, According to gmsad logs, there is likely something wrong with What is the version of python-gssapi installed on your system? Could you share the output of |
|
Hi, root@lowlatency08:/var/log# apt list --installed | grep krb WARNING: apt does not have a stable CLI interface. Use with caution in scripts. krb5-admin-server/jammy-updates,jammy-security,now 1.19.2-2ubuntu0.3 amd64 [installed] |
|
What about the version of You can get it by running: |
|
"python3 -c "import pkg_resources; print(pkg_resources.get_distribution('gssapi').version)"" |
|
It seems that you are missing the Credential Store Extension (https://k5wiki.kerberos.org/wiki/Projects/Credential_Store_extensions), but I have no idea why 😞 Could you try to run the following command and paste the output? $ python3 -c 'import ldap3; ldap3.Connection("dc1-v.dev.local", user="toto", authentication=ldap3.SASL, sasl_mechanism=ldap3.KERBEROS, auto_bind=True,cred_store={"client_keytab": "/etc/webapp01.keytab"})'I've run it on a fresh ubuntu container and I've got the following output (which was expected, but at least we see that the cred store extension is there). How to reproduce what I've done: |
|
"lowlatency08: "root@lowlatency08:~# pip install ldap3 gssapi "lowlatency08:~# python3 -c 'import ldap3; ldap3.Connection("dc1-v.dev.local", user="toto", authentication=ldap3.SASL, sasl_mechanism=ldap3.KERBEROS, auto_bind=True,cred_store={"client_keytab": "/etc/webapp01.keytab"})' |
|
The previous test has demonstrated that the issue is not related to Maybe you could try to remove all the Heimdal related packages? For information, I have the following packages installed on my box: |
|
Removed all Heim packages. Seems missing modules.
× python setup.py bdist_wheel did not run successfully. note: This error originates from a subprocess, and is likely not a problem with pip. × Running setup.py install for winkerberos did not run successfully. note: This error originates from a subprocess, and is likely not a problem with pip. × Encountered error while trying to install package. note: This is an issue with the package mentioned above, not pip. |
|
You lost the |
Weird is its trying to import the module gmsad[16091]: import winkerberos |
|
posix_gssapi_unavailable = True
try:
# noinspection PyPackageRequirements,PyUnresolvedReferences
import gssapi
from gssapi.raw import ChannelBindings
posix_gssapi_unavailable = False
except ImportError:
pass
windows_gssapi_unavailable = True
# only attempt to import winkerberos if gssapi is unavailable
if posix_gssapi_unavailable:
try:
import winkerberos
windows_gssapi_unavailable = False
except ImportError:
raise LDAPPackageUnavailableError('package gssapi (or winkerberos) missing')(https://github.com/cannatag/ldap3/blob/dev/ldap3/protocol/sasl/kerberos.py) Make sure that import gssapi
from gssapi.raw import ChannelBindings |
|
Where do i need to add this code. Also do i need to re-install after adding this? Not so fluent on python. |
|
You can start by running If you don't get an error, you can continue and run If you get an error which is not |
|
|
Cleaned up and created a new system and did the install was able to get past the gssapi missing error. Now see below while starting
|
|
Nice 👍 Now you are getting an authentication error. You can check that the credentials in your keytab with To resolve this, check the output of krb5 lib on stderr and the authentication logs on your DC. |
Domain controller: LDAP server signing requirements = None
|
Hi,
Came across this project. Doing a POC on our Ubuntu 22.04 server to leverage this with out AD-Linux infra. Need your help in figuring out where we are missing in getting this up.
Attached the log date we get when trying to start the service.
Apr 17 060852 lowlatency08 gmsad.txt
Config file attached
[gmsad]-config.txt
For your perspective I am located in Singapore time zone.
Thank you
Sharat
The text was updated successfully, but these errors were encountered: