SingleStore LDAP Authentication Errors

adrshen · September 20, 2022, 7:27pm

Hi Folks,
I followed help article to enable and sync up AD group in my test of environment. The tool got configured and ran successfully. It pulled up all the users and then created them on destination SingleStore cluster. I can see user are created with GSSAPI. I however have problem getting a user authenticated. When I tried to login using AD creds this is What I get any help ?

ERROR 1105 (HY000): Client GSSAPI error (major 851968, minor 0) : gss_init_sec_context - Unspecified GSS failure. Minor code may provide more information.

adrshen

MariaSilverhardt · September 21, 2022, 12:51pm

Hi adrshen!
Sorry you are experiencing this error.
We’re happy to help.
What service are you running; managed or self-hosted? what version number?

adrshen · September 21, 2022, 1:59pm

We are running on premises SingleStore version 7.8.8. We recently upgraded SingleStore tooling and trying to configure AD Auth for dev cluster to grant team members permissions.
Also We have SingleStore studio running version : 4.0.7.

Thanks in advance for help !
ADrshen

MariaSilverhardt · September 27, 2022, 7:00pm

Thanks for the details Adrshen! This has been escalated internally and hope to have an update for you soon. Thanks for your patience.

rsantos · October 1, 2022, 10:09am

Hi there,

This error is displayed because the SingleStore DB is unable to generate a Kerberos ticket due to some issue.
To get what is going on you can use the following command to generate a ticket using the Service Account. This command must generate a ticket.

sudo -u memsql kinit -kt {locationForKDCConfiguredInS2} -S HTTP/memsql.s2.local HTTP/memsql.s2.local@S2.LOCAL

Please replace the values with the ones from your environment.

-S is the servicePrincipalName of the account
the last parameter is the userPrincipalName

ton.hoang · April 8, 2023, 8:12am

same issue without solution now