SASL authentication
Michael Ströder
michael at stroeder.com
Mon Mar 23 15:22:06 EDT 2009
Xu, Qiang (FXSGSC) wrote:
>
> Yes, now I am also suspecting something is wrong with DNS settings.
> But I don't know how to check them. Could you give me some examples?
Use nslookup.exe on host name and IP address. They must match.
> [libdefaults]
> default_realm = durian.fujixerox.com
> [..]
> In this configuration file, "durian" is the hostname of the client
> machine. Is there anything wrong with it?
I'm confused. Why do you put in durian.fujixerox.com here.
default_realm MUST point to a Kerberos realm. In a MS AD environment
this is simply the upper-case DNS domain name of the AD domain.
> [realms]
> SESSWIN2003.COM = {
> kdc = 13.198.98.35:88
^^^^^^^^^^^^
Is that the IP address of your AD domain controller? Is SESSWIN2003.COM
your AD domain?
> durian.fujixerox.com = {
> kdc = kerberos.durian.fujixerox.com:88
> admin_server = kerberos.durian.fujixerox.com:749
> }
Likely you should remove that.
You should try to find a working setup with AD using your favourite
search engine. Please read a little bit more what the different
parameters really mean.
Ciao, Michael.
More information about the Kerberos
mailing list