[30912] in Kerberos
Re: SASL authentication
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?Michael_Str=F6der?=)
Mon Mar 23 20:24:56 2009
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
Date: Mon, 23 Mar 2009 20:22:06 +0100
Message-ID: <v34l96-gkf.ln1@nb2.stroeder.com>
Mime-Version: 1.0
X-Complaints-To: usenet-abuse@t-online.de
In-Reply-To: <mailman.143.1237800736.14058.kerberos@mit.edu>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Xu, Qiang (FXSGSC) wrote:
>
> Yes, now I am also suspecting something is wrong with DNS settings.
> But I don't know how to check them. Could you give me some examples?
Use nslookup.exe on host name and IP address. They must match.
> [libdefaults]
> default_realm = durian.fujixerox.com
> [..]
> In this configuration file, "durian" is the hostname of the client
> machine. Is there anything wrong with it?
I'm confused. Why do you put in durian.fujixerox.com here.
default_realm MUST point to a Kerberos realm. In a MS AD environment
this is simply the upper-case DNS domain name of the AD domain.
> [realms]
> SESSWIN2003.COM = {
> kdc = 13.198.98.35:88
^^^^^^^^^^^^
Is that the IP address of your AD domain controller? Is SESSWIN2003.COM
your AD domain?
> durian.fujixerox.com = {
> kdc = kerberos.durian.fujixerox.com:88
> admin_server = kerberos.durian.fujixerox.com:749
> }
Likely you should remove that.
You should try to find a working setup with AD using your favourite
search engine. Please read a little bit more what the different
parameters really mean.
Ciao, Michael.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos