[30912] in Kerberos

home help back first fref pref prev next nref lref last post

Re: SASL authentication

daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Mon Mar 23 20:24:56 2009

From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
Date: Mon, 23 Mar 2009 20:22:06 +0100
Message-ID: <v34l96-gkf.ln1@nb2.stroeder.com>
Mime-Version: 1.0
X-Complaints-To: usenet-abuse@t-online.de
In-Reply-To: <mailman.143.1237800736.14058.kerberos@mit.edu>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Xu, Qiang (FXSGSC) wrote:
>
> Yes, now I am also suspecting something is wrong with DNS settings.
> But I don't know how to check them. Could you give me some examples?

Use nslookup.exe on host name and IP address. They must match.

> [libdefaults]
>  default_realm = durian.fujixerox.com
> [..]
> In this configuration file, "durian" is the hostname of the client
> machine. Is there anything wrong with it?

I'm confused. Why do you put in durian.fujixerox.com here.

default_realm MUST point to a Kerberos realm. In a MS AD environment
this is simply the upper-case DNS domain name of the AD domain.

> [realms]
>  SESSWIN2003.COM = {
>   kdc = 13.198.98.35:88
          ^^^^^^^^^^^^
Is that the IP address of your AD domain controller? Is SESSWIN2003.COM
your AD domain?

>  durian.fujixerox.com = {
>   kdc = kerberos.durian.fujixerox.com:88
>   admin_server = kerberos.durian.fujixerox.com:749
>  }

Likely you should remove that.

You should try to find a working setup with AD using your favourite
search engine. Please read a little bit more what the different
parameters really mean.

Ciao, Michael.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post