Re: GSSAPI and LVS Load balanced ldap servers

[Frank Swasey <Frank.Swasey@uvm.edu>]

Today at 4:16pm, Quanah Gibson-Mount wrote:

> --On Monday, February 02, 2009 3:13 PM -0500 Francis Swasey 
> <Frank.Swasey@uvm.edu> wrote:
>
> > We've finally reached the point in replacing our old authentication
> > system that I'm attempting to get GSSAPI working with our ldap.uvm.edu
> > system.
>
> Good luck. :)  The only way I ever got this working was via software load 
> balancing on round-robin DNS, where the virtual name would resolve to the 
> actual host.

LVS is a software load balancer.  What software load balancer did you 
use that also used DNS round-robin (or am I completely confused in my 
understanding of what you just wrote)?

> My guess is that once you're connected to "ldap.uvm.edu" it 
> gets the IP addr of the real system it's connected to, and that doesn't match 
> ldap.uvm.edu, giving you a mismatch.

Yeah, that's my guess too of the current failure.

--
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)