Search squid archive

Re: Re: Re: Re: Problems setting up Kerberos authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 23/9/2011 10:25 πμ, Markus Moeller wrote:

This is an incomplete Active Directory setup (or Kerberos if you don't use AD).

Thanks Markus,

As you may have seen from earlier posts, I am using MIT Kerberos on CentOS. I don't have Active Directory but I am using OpenLDAP which serves as Kerberos container and principals store.

DNS entries were (until now) considered unnecessary. I have created the required entries and retried.

Now I am getting (in Wireshark) an LDAP search request from the client and this fails:

   CLDAP searchRequest(4) "<ROOT>" baseObject

with content:

   baseObject:
   scope: baseObject (0)
   derefAliases: neverDerefAliases (0)
   sizeLimit: 0
   timeLimit: 0
   typesOnly: False
   Filter:
   (&(&(DnsDomain=EXAMPLE.COM)(Host=CLIENTHOSTNAME))(NtVer=0x20000006))
   attributes: 1 item
   AttributeDescription: Netlogon

and the server responds:

   ICMP Destination unreachable (Host administratively prohibited)

We don't allow anyone (except specific DNs) to access our LDAP server. Additionally there are no such entries in there (these are obviously Active Directory specific). Anyway, there is no client host entry in Kerberos or in LDAP.

Now what?

Nick

<<attachment: smime.p7s>>


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux