SASL authentication

Xu, Qiang (FXSGSC) Qiang.Xu at
Tue Mar 24 03:04:27 EDT 2009

> -----Original Message-----
> From: kerberos-bounces at 
> [mailto:kerberos-bounces at] On Behalf Of Markus Moeller
> Sent: Tuesday, March 24, 2009 7:26 AM
> To: kerberos at
> Subject: Re: SASL authentication
> Can you get a network capture with wireshark on your 2003 
> server of all traffic from your client when you do the following
> On the client:
> kinit qxu at SESSWIN2003.COM
> ldapsearch -Y GSSAPI -H 'ldap://' 
> -b 'dc=sesswin2003,dc=com' -s sub -LLL '(cn=qxu)' mail
> Make sure that resolves to the 
> correct ip or is in your hosts file.

Just as you guess, Markus, there is no network traffic arriving at the LDAP server when I run ldapsearch command. In contrast, when I run kinit command, ethereal can help me capture Kerberos packets. So it seems the FQDN "" cannot be resolved. 

Shall I do something to the file "/etc/hosts"? Could you give me some suggestion on how to resolve this name? Please note that the client (where kinit and ldapsearch are run) is not in the domain "". 

Xu Qiang

More information about the Kerberos mailing list