Univention Bugzilla – Bug 53025
Ubuntu domain join fails with GSSAPI Failure: gss_canonicalize_name
Last modified: 2021-05-27 11:17:14 CEST
Created attachment 10676 [details] ubuntu-domain-join The ubuntu join client fails when trying to perform a ldapsearch with a kerberos ticket 'ldapsearch -QLLL uid=%s dn' results in: ldap_sasl_interactive_bind_s: Invalid credentials (49)\n\tadditional info: SASL(-13): authentication failure: GSSAPI Failure: gss_canonicalize_name\n' The ldapsearch command has to specify the GSSAPI SALS Mechanism now. In UCS4 this was not necessary. 'ldapsearch -QLLL -Y GSSAPI uid=%s dn' works The attached patch fixes this.
I can confirm, that the patch works with ubuntu 20.10.
Added the patch: acac9bd Bug #53025: changelog 73ee6ea Bug #53025: Specify GSSAPI SALS Mechanism Product tests were successful
# Summary The patch from comment 2 is still the same, so is the code base and I rechecked that. The patch was applied as I would have anticipated it along with the necessary changes to the changelog. I reviewed that as well and everything looks good: verified fixed.
The new package univention-domain-join - 1.0-26ubuntu1 has been released: https://launchpad.net/~univention-dev/+archive/ubuntu/ppa/+packages I removed the section about the failing join-client from the release notes: 317d621585 Bug #53025: Bug has been fixed, remove section from release notes