SASL authentication
Xu, Qiang (FXSGSC)
Qiang.Xu at fujixerox.com
Tue Mar 24 03:04:27 EDT 2009
> -----Original Message-----
> From: kerberos-bounces at mit.edu
> [mailto:kerberos-bounces at mit.edu] On Behalf Of Markus Moeller
> Sent: Tuesday, March 24, 2009 7:26 AM
> To: kerberos at mit.edu
> Subject: Re: SASL authentication
>
> Can you get a network capture with wireshark on your 2003
> server of all traffic from your client when you do the following
>
> On the client:
> kinit qxu at SESSWIN2003.COM
> ldapsearch -Y GSSAPI -H 'ldap://sesswin2003.sesswin2003.com'
> -b 'dc=sesswin2003,dc=com' -s sub -LLL '(cn=qxu)' mail
>
> Make sure that sesswin2003.sesswin2003.com resolves to the
> correct ip or is in your hosts file.
Just as you guess, Markus, there is no network traffic arriving at the LDAP server when I run ldapsearch command. In contrast, when I run kinit command, ethereal can help me capture Kerberos packets. So it seems the FQDN "sesswin2003.sesswin2003.com" cannot be resolved.
Shall I do something to the file "/etc/hosts"? Could you give me some suggestion on how to resolve this name? Please note that the client (where kinit and ldapsearch are run) is not in the domain "sesswin2003.com".
Thanks,
Xu Qiang
More information about the Kerberos
mailing list