We are having issue authenticating macintosh clients to edirectory periodically.. Opened a ticket with apple and they said I should remove GSSAPI from the supported mechanisms being published by the rootdse on a ldap seatch.. Here is their suggestion:
Thanks for contacting us about case number 100596892609, LDAP issues.
Here’s the current status of your case:
ISSUE: Unable to login to some clients using open directory credentials following deployment. STATUS: Failed logins are the result of a failure to build a Kerberos credential cache. Since the server does not support Kerberos, recommended building out the LDAP rootDSE to specify supportedSASLMechanisms. rootDSE is returned by ldapsearch, packet capture shows successful retrieval of rootDSE during login but the GSSAPI mechanism is unexpectedly listed. Recommend removing GSSAPI from the supported mechanisms list as kerberos is not supported by the directory.
any idea how to remove GSSAPI from the supported mechanisms ??
thanks in advance