On Sun, May 10, 2015 at 04:18:58PM +0100, Jonathan Hunter wrote:
Sorry to reply to my own post, but I think I have tracked this one down and resolved in the meantime - so am posting to the archive for posterity in the hope it may help others, also.
I think I have tracked this down to a reverse DNS issue - which was non-obvious to me.
The part that was failing was this:
[sasl_bind_send] (0x0100): Executing sasl bind mech: gssapi, user: dc1$ [sasl_bind_send] (0x0020): ldap_sasl_bind failed (-2)[Local error] [sasl_bind_send] (0x0080): Extended failure message: [SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server not found in Kerberos database)]
Glad you found out. Yes, Kerberos can be picky about correct host names..