[33190] in Kerberos


Re: Kerberos cross-realm with AD

daemon@ATHENA.MIT.EDU (Jean-Yves Avenard)
Tue Feb 8 00:49:11 2011

MIME-Version: 1.0
In-Reply-To: <AANLkTimDN5eY+ijURCkOrmmmJwqPT37KJWhS2=fzj=fE@mail.gmail.com>
Date: Tue, 8 Feb 2011 16:49:06 +1100
Message-ID: <AANLkTimB7ZnKfOH-+O53fxoHz7pqQZ7=BrTmbuGVEiBO@mail.gmail.com>
From: Jean-Yves Avenard <jyavenard@gmail.com>
To: Brian Candler <B.Candler@pobox.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi there..

Interestingly, I have now reverted to Kerberos 1.7 (I had avoided
upgrading to 1.8 earlier as I couldn't make it work when both 1.7 and
1.6 worked just fine. 1.9 seemed to have worked all fine until now).

Downgrading to 1.7 and my cross-realm issues are gone; the only problem
now is that I see in the log:
[Tue Feb 08 16:45:00 2011] [notice] [client 1.2.3.4]
krb5_aname_to_localname() found no mapping for principal
jean-yves.avenard@MEL.DOMAIN.COM

I added in the krb5.conf

[realms]
 M.DOMAIN.COM = {
  kdc = m.domain.com
  admin_server = m.domain.com
  default_domain = m.domain.com
 }

 MEL.DOMAIN.COM = {
  kdc = ad.domain.com
  admin_server = ad.domain.com
  default_domain = ad.domain.com
  auth_to_local = RULE:[1:$1@$0](.*@.*DOMAIN\.COM$)s/@.*//
 }

from what I could read in the documentation, but this still doesn't work.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
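
A simplified Python model of how an auth_to_local RULE is evaluated, added here as an example and not taken from the post or from the MIT krb5 source; it runs the posted rule against the principal from the log line. It models the library reading rules only from the default realm's [realms] section and assumes the default realm is M.DOMAIN.COM (the post does not say); STRICT_RULE, AS_POSTED, MOVED and the OTHERDOMAIN.COM realm are constructed for illustration.

```python
import re

# Simplified model of auth_to_local evaluation; Python's re stands in for POSIX regex.
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g?))?$")

def apply_rule(rule, principal, default_realm):
    """Return the local name one rule yields for principal, or None."""
    name, realm = principal.rsplit("@", 1)
    comps = name.split("/")
    if rule == "DEFAULT":
        # DEFAULT only maps single-component principals of the default realm.
        return name if len(comps) == 1 and realm == default_realm else None
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError("unsupported rule: " + rule)
    n, fmt, regexp, pat, repl, glob = m.groups()
    if int(n) != len(comps):
        return None
    # Selection string: $0 is the realm, $1..$n are the name components.
    sel = re.sub(r"\$(\d)", lambda d: ([realm] + comps)[int(d.group(1))], fmt)
    # The optional regexp has to match the whole selection string.
    if regexp is not None and not re.fullmatch(regexp, sel):
        return None
    if pat is not None:
        sel = re.sub(pat, repl, sel, count=0 if glob else 1)
    return sel

def aname_to_localname(realms, default_realm, principal):
    """Use only the auth_to_local rules of the default realm's section."""
    rules = realms.get(default_realm, {}).get("auth_to_local") or ["DEFAULT"]
    for rule in rules:
        local = apply_rule(rule, principal, default_realm)
        if local:
            return local
    return None  # corresponds to "found no mapping for principal"

PAGE_RULE = r"RULE:[1:$1@$0](.*@.*DOMAIN\.COM$)s/@.*//"   # rule from the post
STRICT_RULE = r"RULE:[1:$1@$0](.*@MEL\.DOMAIN\.COM)s/@.*//"  # constructed variant
USER = "jean-yves.avenard@MEL.DOMAIN.COM"
AS_POSTED = {"M.DOMAIN.COM": {}, "MEL.DOMAIN.COM": {"auth_to_local": [PAGE_RULE]}}
MOVED = {"M.DOMAIN.COM": {"auth_to_local": [PAGE_RULE, "DEFAULT"]}}

if __name__ == "__main__":
    print(aname_to_localname(AS_POSTED, "M.DOMAIN.COM", USER))  # assumed default realm
    print(aname_to_localname(MOVED, "M.DOMAIN.COM", USER))
    print(apply_rule(PAGE_RULE, "x@OTHERDOMAIN.COM", "M.DOMAIN.COM"))
    print(apply_rule(STRICT_RULE, "x@OTHERDOMAIN.COM", "M.DOMAIN.COM"))
```

The third call shows that the posted regexp accepts any realm ending in DOMAIN.COM; pinning the realm as in STRICT_RULE keeps principals from other trusted realms from mapping onto the same local account.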
