On 7/24/2009 1:10 PM, Matthias Apitz wrote:
Using the mentioned environment (on FreeBSD 8-CURRENT) I can't Subscribe
to Other user's Calendar in the Exchange server (don't blame me for
this, using Exchange :-)) . It fails with a more or less stupid message
about wrong password.
Exchange is an excellent mail handling system, with lots of benefits, no
need to trash it here.
It's not a stupid message; it's telling you it can't authenticate you.
To tell you explicitly "cannot find credentials servers and services"
would be a security hole, because if it could find them and merely told
you "bad authentication" you'd know you have a bad password, and could
try a different one.
I've watched with TCPDUMP what's happening when I access in the Menue
'Subscribe to Other user's Calendar': it does a DNS lookup for
kerberos.OCLC.org which is failing (yyy.yyy.yyy.yyy is our DNS server,
xxx.xxx.xxx.xxx is my laptop):
10:43:53.583797 IP xxx.xxx.xxx.xxx.34455> yyy.yyy.yyy.yyy.53: 43976+ SRV?
_kerberos._udp.OCLC.ORG. (41)
10:43:53.585520 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.34455: 43976 NXDomain
0/1/0 (91)
10:43:53.586181 IP xxx.xxx.xxx.xxx.51100> yyy.yyy.yyy.yyy.53: 48460+ SRV?
_kerberos._tcp.OCLC.ORG. (41)
10:43:53.587866 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.51100: 48460 NXDomain
0/1/0 (91)
10:43:53.588479 IP xxx.xxx.xxx.xxx.23102> yyy.yyy.yyy.yyy.53: 46661+ SRV?
_kerberos._http.OCLC.ORG. (42)
10:43:53.590098 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.23102: 46661 NXDomain
0/1/0 (92)
10:43:53.590505 IP xxx.xxx.xxx.xxx.57028> yyy.yyy.yyy.yyy.53: 45174+ A?
kerberos.OCLC.ORG. (35)
10:43:53.592087 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.57028: 45174 NXDomain
0/1/0 (85)
10:43:53.592241 IP xxx.xxx.xxx.xxx.54405> yyy.yyy.yyy.yyy.53: 45175+ AAAA?
kerberos.OCLC.ORG. (35)
10:43:53.593850 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.54405: 45175 NXDomain
0/1/0 (85)
The domain OCLC.ORG is the part of my mail addr, i.e. my addr
is<xxxxxx...@oclc.org>.
The IT folks of my company gave me the hint that the above nslookup should not
be, for example, '_kerberos._udp.OCLC.ORG', but '_kerberos._udp.oa.OCLC.ORG'
(i.e. in the zone oa.OCLC.ORG) which indead is working with nslookup:
$ nslookup -type=SRV '_kerberos._udp.oa.OCLC.ORG'
Server: yyy.yyy.yyy.yyy
Address: yyy.yyy.yyy.yyy#53
Non-authoritative answer:
_kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc5server.oa.oclc.org.
_kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc01ewbe.oa.oclc.org.
_kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc1server.oa.oclc.org.
_kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc2server.oa.oclc.org.
...
Why Evo is asking for '_kerberos._udp.OCLC.ORG' and not for
'_kerberos._udp.oa.OCLC.ORG'
Active Directory LDAP schemes can be mis-configured and yet still appear
to work. Check earlier to see if Evolution or PAM (if you're using
PAM), was given oa.oclc.org or just oclc.org.
What domain are you in? It's possible that Evolution assumes that SMTP
address reflects your domain. If you are in the OA domain, it should
not hurt to list your address as x...@oa.oclc.org. Mail sent to
x...@oclc.org will still find you, and you can set the reply-to: header
field to x...@oclc.org.
I have this issue at work, as for testing purposes my email address is
currently chuc...@exchange.microsoft.com, but the alias
chuc...@microsoft.com works as well. But my email client keeps wanting
to send @exchange.microsoft.com which confuses my friends into thinking
my email address has changed.
Good luck and let us know.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
