[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Change over to anonymous binds



Actually I've fixed the resolver problem by adding a file that has the resolv.conf I want and then using it to overwrite the one
the system keeps insisting I use at the end of the /etc/sysconfig/network script. DNS spins like a top now but I still can't get
an ldap logon on the server. Again no trouble for the clients and no trouble for users local to the server, they can do ldap logins just fine. Just in case, I am rewriting all of the certs and stuff now.


Hmmm... right now I am supposed to have both encrypted and non-encrypted stuff going in the same port but I don't think that this is working.
If it were, then when I kill the encryption on the server login there should be no trouble and there is, in fact, trouble.


You know, I think the base problem is the inability to change resolv.conf.
If I could specify the default DNS service as 127.0.0.1 I think it would work.


This would mean you'd have to run a caching name server, like I do.


The project requires a real name server mainly because I made a commitment in that regards at the beginning of the project.
Sorry, I thought I mentioned that. Besides, I've already shown that this is not likely to be *THE* problem although it was in fact
*A* problem. ;-) I think it is much more likely to have something to do with the combination of SSL/OpenLDAP that I am not quite getting.
Hmmm... it might be worth turning off the name daemon and using host files as a test though... Could prove enlightening.


The forwarder specs in the named.conf file would take care of the rest.

...

CommonName field in the cert.

Go and speak to someone in your org who knows *everything* about DNS. He
MUST NOT be a Microsoft MCSE or a Novell CNA, since they're all wood
between the ears and can only point and click and answer multiple choice
questions without thinking.

Sorry, no can do. My org is EWU. I am a grad student and this is my grad project. Normally I could expect some help from
my profs but they are mostly all software engineers, not admins. I start talking about network stuff and I get the eye-glaze thing
from them. ;-)