Hello,
thanx to all that helped me. Problem solved.
The main reason was this posted by phil
1. Ensure there is a principal in your kerberos realm "DNS/hostname.domain.com",
matching the hostname of your DNS server
This is why I always got a wrong principal name.
Have a nice weekend,
cheers,
> I do this now the 3rd week. I was reading a lot of books and manuals, doing
> a lot of configuration and sniffering etc. I looked in google for hours but
> I could not find anyone that says - yes it works.
It does work, but setting it up is very-very painful. Even if you do get it
working, and
On Dec 6, 2010, at 9:00 AM, Jürgen Dietl wrote:
> Hello Serjiu,
> many thanx for your hint. This I was asking me too for some time. Because the
> TGT is for the client name (principal) that is logged in at the moment and
> the service should be always for the same principal name on any client. S
Hello Serjiu,
many thanx for your hint. This I was asking me too for some time. Because
the TGT is for the client name (principal) that is logged in at the moment
and the service should be always for the same principal name on any client.
So yes I will need to define 2 principals.
You wrote:
You s
On 12/06/2010 04:01 PM, Jürgen Dietl wrote:
Hello Phil
thanx again for your answer. So I read between the lines that even if
there were bugfixes for GSSTSIG in Bind V. 9.7.2 - it doesn't work. So we
have to wait until MS follow the standards? :-)
That's not what I said.
Forgive me but what is a
> The client has an entry in the AD with DNS/test@test.loc. The Client,
> DNS-Server, Kerberos-Server all have a copy of the krb5.keytab. If I do a
> kinit -k -t c:\krb5.keytab DNS/test@test.loc then all seem to be ok. I
> get this message from the DNSserver: 03-Dec-2010 10:42:00.451 gener
Hello Phil
thanx again for your answer. So I read between the lines that even if there
were bugfixes for GSSTSIG in Bind V. 9.7.2 - it doesn't work. So we have to
wait until MS follow the standards? :-)
Forgive me but what is a disjoint domain environment?
thanx a lot,
cheers,
Juergen
2010/12/6 Ph
On 12/06/2010 03:18 PM, Jürgen Dietl wrote:
The Log-File from the DNS-SUSE-Server tells me "wrong principal". Is
there a way to find out what principal it expects?
You can configure it:
tkey-domain "YOUR.DOMAIN";
tkey-gssapi-credential "DNS/hostname.your.domain";
(I've never
Hello Phil,
thanx for your answer. I don't really know what the server offers because I
don't get a valid response:
Frame 2475: 168 bytes on wire (1344 bits), 168 bytes captured (1344 bits)
Ethernet II, Src: xx, Dst: Vmware_x
Internet Protocol, Src: , Dst
On 12/06/2010 02:20 PM, Jürgen Dietl wrote:
I have read that there is a special mode called User-To-User Mode. This
mode enables the client to ask for a service direct without asking for a
That's not quite how u2u works.
TGT before. I found out that my client use this special user-to-user
mod