[Pdns-users] Fatal Error: Trying to set unknown parameter 'ldap-authmethod'
Dario García Díaz-Miguel
dgdiaz at gmv.com
Fri Feb 19 07:09:50 UTC 2021
Hi Mark,
Thank you so much for your reply, really, really appreciated.
I changed the property to ldap-bindmethod. Now there's no fatal error anymore and the service starts correctly, but it seems that it is not being used correctly.
ldap-bindmethod=gssapi
ldap-krb5-keytab=/etc/pdns.keytab
[...]
TLS established tls_ssf=256 ssf=256
[...]
[LdapBackend] Ldap connection to server failed: Failed to bind to LDAP server: Unknown Authentication method.
Caught an exception instantiating a backend: Unable to connect to ldap server.
TCP Server is unable to launch backends - will try again when questions come in: Unable to connect to ldap server
[...]
GSSAPI is working correctly on my server:
# kinit -k -t /etc/pdns.keytab pdns/server.example.com
# ldapwhoami -Y GSSAPI -H ldaps://server.example.com
SASL/GSSAPI authentication started
SASL username:pdns/server.example.com
SASL SSF:56
SASL data security layer installed.
dn: uid=pdns/server.example.com,dc=example,dc=com
I've tried to read the code to find out whether gssapi is not the correct value to use, but I could not find the code file with this excerpt. If you prefer, you can tell me where you found it and I will look for it myself.
All help with this would be very much appreciated, since GSSAPI is required for us.
Thank you so much.
Kind Regards.
Dario Garcia Díaz-Miguel
GGCS-SES Unit
GGCS SKMF Infrastructure Division
GMV
C\ de Isaac Newton, 11
28760, Tres Cantos, Madrid
España
+34 918 07 21 00
+34 918 07 21 99
www.gmv.com
> -----Original Message-----
> From: Pdns-users <pdns-users-bounces at mailman.powerdns.com> On Behalf Of
> Mark Nejedlo via Pdns-users
> Sent: Thursday, February 19, 2021 01:02 AM
> To: pdns-users at mailman.powerdns.com
> Subject: [Pdns-users] Fatal Error: Trying to set unknown parameter
> 'ldap-authmethod'
>
> If I'm reading the source correctly (questionable), it looks like it should be "ldap-bindmethod".
> Mark
-----Original Message-----
From: Dario García Díaz-Miguel
Sent: Thursday, February 18, 2021 15:18
To: pdns-users at mailman.powerdns.com
CC: skmf_support <skmf_support at gmv.com>
Subject: Fatal Error: Trying to set unknown parameter 'ldap-authmethod'
Hi,
I deployed pdns today for the first time and found an issue I don't know how to solve, so I'm writing here to ask for some help.
When I configure the ldap backend as shown below:
launch=ldap
ldap-host=ldaps://example.example.com
ldap-binddn=cn=Administrator,dc=gcc1,dc=kmf,dc=com
ldap-secret=secret
ldap-basedn=ou=Hosts,dc=example,dc=com
ldap-method=strict
It works flawlessly.
But if I try to use gssapi according to the pdns documentation...
launch=ldap
ldap-host=ldaps://example.example.com
ldap-authmethod=gssapi
ldap-krb5-keytab=/etc/pdns.keytab
ldap-basedn=ou=Hosts,dc=example,dc=com
ldap-method=strict
I get the following error trying to start the service:
Fatal Error: Trying to set unknown parameter 'ldap-authmethod'
According to the official Documentation:
"""ldap-authmethod
(default: "simple") : How to authenticate to the LDAP server. Actually only two methods are supported: "simple", which uses the classical DN / password, or "gssapi", which requires a Kerberos keytab. """
The keytab exists and has pdns permissions for pdns user.
The principal exists and is the only key stored on that keytab.
I've deployed the latest SUSE 15 official repository version:
- pdns-4.3.1-bp152.2.5.1.x86_64.rpm
- pdns-backend-ldap-4.3.1-bp152.2.5.1.x86_64.rpm
- pdns-common-4.0-bp152.3.16.noarch.rpm
It seems that this property does not exist for this pdns version, but I think that gssapi support was added in version 4.1, which is earlier than this one.
Some help would be really appreciated.
Thank you so much.
Kind Regards.