GSSAPI and LDAP
bpk678 at gmail.com
Sat Dec 3 20:07:36 UTC 2016
i am trying to have my dhcpd instances access their configs from ldap
and want to use the ldap-gssapi-principal and ldap-gssapi-keytab
directives to specify authentication. i seem to be having issues, and
documentation is a bit scarce as to what i need to do.
the keytab i have is valid and i can run "kinit -kt file.keytab
principal@REALM" and retrieve a TGT ticket. ldapwhoami shows that the
id is being mapped correctly to the user object i have set up.
when i run a script with the below lines in it:
reset ; dhcpd -d -4 -f -t -T -cf /etc/dhcp/dhcpd.conf.ldap bond0
i get the below error:
Internet Systems Consortium DHCP Server 4.3.4
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Using ccache MEMORY:dhcp_ld_krb5_cc
Credentials are not present in cache (Matching credential not found)
No valid krb5 credentials
Err: Failed to get initial credentials TGT
-> Invalid argument
Error: Cannot SASL bind to ldap server server2.domain.tld:389: Can't
contact LDAP server
Additional info: (null)
Configuration file errors encountered -- exiting
This version of ISC DHCP is based on the release available
on ftp.isc.org. Features have been added and other changes
have been made to the base software release in order to make
it work better with this distribution.
Please report for this software via the Red Hat Bugzilla site:
what am i missing? how can i get gssapi based auth working for dhcpd?
thanks in advance,