Ok. I'd try locally from the machine first, so you know the krb configurations are absolutely identical all the way. Just change your pg_hba so it uses krb5 (and don't forget to use -h - krb5 only works over TCP/IP sockets) THat said, I think your problem is in that you use "postgres" as your SPN. It has to be uppercase POSTGRES to work with Active Directory. //Magnus On Thu, Aug 30, 2007 at 03:34:18PM +0300, Idan Miller wrote: > We tried to connect from a different gentoo machine. > both client and server are running version 8.2.4 of postgresql. > right now, we are trying to connect from gentoo, but we want to connect from > windows as well > > Idan > > > On 8/30/07, Magnus Hagander <magnus@xxxxxxxxxxxx> wrote: > > > > On Thu, Aug 30, 2007 at 02:07:13PM +0300, Idan Miller wrote: > > > Hi everyone, > > > > > > I'm trying to configure PostgreSQL version 8.2.4 with Kerberos and > > Active > > > Directory. > > > The AD is run on a windows 2003 server, and the postgre on gentoo. > > > The gentoo computer name is postgre and it's added to the windows 2003 > > > server AD domain. > > > > > > I did the following: > > > - I compiled postgre with kerberos support and installed it on the > > gentoo > > > machine. > > > - I created a keytab for the user postgres/postgre on the windows 2003 > > > server machine and copied it to the gentoo machine. > > > - I configured the postgresql.conf to point to the keytab. > > > - I configured pg_hba.conf to authenticate remote users by kerberos. > > > - I followed additional configurations from the howto in the mailing > > list > > > archives. > > > > > > Now, when trying to log in with an AD user to postgre I get: > > > psq: krb5_sendauth: Bad application version was sent (via sendauth) > > > > > > Any help will be appreciated. > > > > Are you sure you have postgresql 8.2 on both ends of the connection? Are > > yuor clients on windos or unix? > > > > //Magnus > > ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
