
Re: Problems connecting to OpenLDAP-2.2.17 with Kerberos (ldapclient).



On Wed, Nov 03, 2004 at 05:46:07PM -0200, Andreas wrote:
> On Wed, Nov 03, 2004 at 07:35:15PM +0000, Lewis Thompson wrote:
> > > > > > Miscellaneous failure (see text) (Server (krbtgt/168.0.1@DOMAIN.COM) unknown)
> > > > >                                                    ^^^^^^^
> > > > > There seems to be a typo somewhere in your config. Perhaps in /etc/hosts, or your
> > > > > DNS, or resolver.
> > > > 
> > > > That's what I thought.  I've checked everywhere I can think of.  The
> > > > only kerberos DNS entry I have now is:
> > > 
> > > Is the output of the "hostname" command OK? For some reason your gssapi library is
> > > thinking your hostname is 168.0.1. It should not even be an IP address, but an FQDN.
> > 
> > % hostname
> > server.domain.com
> > 
> >   I'm really confused how it has got an IP address.  Out of curiosity
> > why has it cropped the least significant part of the FQDN?  Is that
> > because it is expecting server.domain.com but wants just domain.com?
> 
> Oh wait, 168.0.1 is the REALM part of your ticket, not your hostname. Sorry for
> the confusion. I was thinking in terms of service tickets, like ldap/fqdn-ldap-server@REALM.

Are you sure?  klist shows:

Credentials cache: FILE:/tmp/krb5cc_0
        Principal: lewiz@DOMAIN.COM

  Issued           Expires          Principal                                  
Nov  3 17:37:44  Nov  4 03:37:44 krbtgt/DOMAIN.COM@DOMAIN.COM   

  Wait a second... I might be getting confused here...

> 
> I guess you have some problem with krb5.conf, perhaps in the [domain_realm] section
> if you are using MIT Kerberos. Try something like:
> 
> [domain_realm]
> 	.domain.com = DOMAIN.COM
> 	domain.com = DOMAIN.COM

Hehe, I already have this.

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:lewiz@fajita.org | jabber:lewiz@jabber.org | url:www.lewiz.org |-

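Added example (not part of the original messages, and not code from OpenLDAP or any Kerberos library): a simplified Python model of [domain_realm] lookup with the uppercased-domain fallback, showing how the principal in the error message splits into components and realm, and how a service name that is not an FQDN can produce a ticket-granting principal of that shape. The address 192.168.0.1 and all function names are constructed for illustration; the thread does not establish that an IP literal was the cause here.

```python
import ipaddress

# [domain_realm] entries as quoted in the thread.
DOMAIN_REALM = {".domain.com": "DOMAIN.COM", "domain.com": "DOMAIN.COM"}

def parse_principal(name):
    """Split 'comp1/comp2@REALM' into (components, realm); no escape handling."""
    if "@" not in name:
        raise ValueError("principal has no realm part")
    body, realm = name.rsplit("@", 1)
    return body.split("/"), realm

def is_ip_literal(host):
    """True when the service 'hostname' is really an IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def host_realm(host, domain_realm=DOMAIN_REALM):
    """Return (realm, how). Simplified model: exact entry, then dotted
    suffixes, then the uppercased domain portion of the name as a fallback."""
    host = host.lower().rstrip(".")
    if host in domain_realm:
        return domain_realm[host], "domain_realm"
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in domain_realm:
            return domain_realm[suffix], "domain_realm"
    if len(labels) > 1:
        return ".".join(labels[1:]).upper(), "fallback"
    return None, "unknown"

def tgt_needed(client_realm, service_host):
    """TGT principal a client in client_realm needs to reach service_host."""
    realm, how = host_realm(service_host)
    return f"krbtgt/{realm}@{client_realm}", how, is_ip_literal(service_host)

if __name__ == "__main__":
    # Constructed inputs: the FQDN from the thread and a made-up IP literal.
    for host in ("server.domain.com", "192.168.0.1"):
        tgt, how, ip = tgt_needed("DOMAIN.COM", host)
        flag = "  <- IP literal used as hostname" if ip else ""
        print(f"{host:20} {tgt:32} via {how}{flag}")
```

When the mapping comes from the fallback rather than from [domain_realm], check what name the client passed to the GSSAPI layer (the LDAP URI or host argument, and forward and reverse DNS for that host).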