[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Problems with OpenLDAP 2.1.4 and Kerberos



I'm not attempting cross-realm trusts. I just want to connect to the AD
with a Kerberized UNIX client.

We did run kinit first, and successfully received the ticket. I can then
use that ticket to telnet to another MIT Kerberized UNIX machine (in the
AD Realm) and it will successfully authenticate me.

Tony


Anthony Brock
Director of Network Services
George Fox University

E-Mail: abrock@georgefox.edu
Phone:  (503) 554-2579
FAX:    (503) 554-3834




-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry@samba.org] 
Sent: Thursday, September 19, 2002 7:15 AM
To: Anthony Brock
Cc: openldap-software@OpenLDAP.org
Subject: Re: Problems with OpenLDAP 2.1.4 and Kerberos


Are you trying to use cross-realm trusts?  Did you run kinit to get the 
user's TGT first?  I've got this working on a testbed runnin at home.

btw...going the other way has proven impossible so far....
Using a cross-realm trust to access OpenLDAP in a MIT Krb5 realm 
from a Win2k client in the trusted AD realm.



cheers, jerry
 ---------------------------------------------------------------------
 Hewlett-Packard                                     http://www.hp.com
 SAMBA Team                                       http://www.samba.org
 --                                            http://www.plainjoe.org
 "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN 0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--