Go to main content

Working With Oracle® Solaris 11.3 Directory and Naming Services: LDAP

Exit Print View

Updated: September 2018

Resolving Per-User Credentials Issues

Using per-user credentials requires configuration such as a Kerberos setup. Refer to the following issues when configuring per-user profiles.

syslog File Indicates 82 Local Error

The syslog file might contain the following error message:

libsldap: Status: 7 Mesg: openConnection: GSSAPI bind failed -82 Local error

Kerberos might not be initialized or its ticket is expired. Use the klist command to browse. Use either the kinit -p command or kinit -R command to reinitialize Kerberos.

Kerberos Not Initializing Automatically

To enable the kinit command to run automatically whenever you log in, add pam_krb5.so.1 to the /etc/pam.conf file. For example:

login      auth optional pam_krb5.so.1
rlogin     auth optional pam_krb5.so.1
other      auth optional pam_krb5.so.1

syslog File Indicates Invalid Credentials

The syslog file might contain Invalid credential after you use the kinit command. This problem might occur due to one of the following reasons:

  • The root host entry or the user entry is not in the LDAP directory.

  • Mapping rules are incorrect.

The ldapclient init Command Fails in the Switch Check

You can use the ldapclient init command to check the LDAP profile for the presence of the self/sasl/GSSAPI configuration. If the switch check fails, the error lies in DNS not being used as the search criteria for the host database. You can resolve this issue as follows:

  • Use the following commands to check the status of the DNS service and to enable it.

    # svcs -l dns/client
    # svcadm enable dns/client
  • If the failure is in the bind operation of sasl/GSSAPI, check the syslog file to determine the problem.