SASL authentication

Michael Ströder michael at stroeder.com
Mon Mar 23 15:22:06 EDT 2009


Xu, Qiang (FXSGSC) wrote:
>
> Yes, now I am also suspecting something is wrong with DNS settings.
> But I don't know how to check them. Could you give me some examples?

Use nslookup.exe on host name and IP address. They must match.

> [libdefaults]
>  default_realm = durian.fujixerox.com
> [..]
> In this configuration file, "durian" is the hostname of the client
> machine. Is there anything wrong with it?

I'm confused. Why do you put in durian.fujixerox.com here.

default_realm MUST point to a Kerberos realm. In a MS AD environment
this is simply the upper-case DNS domain name of the AD domain.

> [realms]
>  SESSWIN2003.COM = {
>   kdc = 13.198.98.35:88
          ^^^^^^^^^^^^
Is that the IP address of your AD domain controller? Is SESSWIN2003.COM
your AD domain?

>  durian.fujixerox.com = {
>   kdc = kerberos.durian.fujixerox.com:88
>   admin_server = kerberos.durian.fujixerox.com:749
>  }

Likely you should remove that.

You should try to find a working setup with AD using your favourite
search engine. Please read a little bit more what the different
parameters really mean.

Ciao, Michael.



More information about the Kerberos mailing list