
Re: Problems connecting to OpenLDAP-2.2.17 with Kerberos (ldapclient).



On Wed, Nov 03, 2004 at 07:35:15PM +0000, Lewis Thompson wrote:
> > > > > Miscellaneous failure (see text) (Server (krbtgt/168.0.1@DOMAIN.COM) unknown)
> > > >                                                    ^^^^^^^
> > > > There seems to be a typo somewhere in your config. Perhaps in /etc/hosts, or your
> > > > DNS, or resolver.
> > > 
> > > That's what I thought.  I've checked everywhere I can think of.  The
> > > only kerberos DNS entry I have now is:
> > 
> > Is the output of the "hostname" command OK? For some reason your gssapi library is
> > thinking your hostname is 168.0.1. It should not even be an IP address, but an FQDN.
> 
> % hostname
> server.domain.com
> 
>   I'm really confused how it has got an IP address.  Out of curiosity
> why has it cropped the least significant part of the FQDN?  Is that
> because it is expecting server.domain.com but wants just domain.com?

Oh wait, 168.0.1 is the REALM part of your ticket, not your hostname. Sorry for
the confusion. I was thinking in terms of service tickets, like ldap/fqdn-ldap-server@REALM.

I guess you have some problem with krb5.conf, perhaps in the [domain_realm] section
if you are using MIT Kerberos. Try something like:

[domain_realm]
	.domain.com = DOMAIN.COM
	domain.com = DOMAIN.COM
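
Added example, not part of the original message: a simplified Python model of how a `[domain_realm]` section maps a host name to a realm, and how a cross-realm name such as `krbtgt/168.0.1@DOMAIN.COM` can result. It assumes the library was handed an address-form name (`192.168.0.1` is a constructed value) and that an unmatched name falls back to its upper-cased domain part; all function names are hypothetical.

```python
# Simplified model of host-to-realm mapping via krb5.conf [domain_realm].
# Added example; this is not MIT Kerberos source code.

def parse_domain_realm(conf_text):
    """Return the [domain_realm] entries of krb5.conf-style text as a dict."""
    mapping, in_section = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            in_section = (line == "[domain_realm]")
        elif in_section and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping

def candidates(host):
    """Keys tried in order: the name, then each parent as '.parent', 'parent'."""
    host = host.lower().rstrip(".")
    yield host
    while "." in host:
        host = host.split(".", 1)[1]
        yield "." + host
        yield host

def host_realm(host, mapping):
    """Return (realm, reason) for a host name."""
    for key in candidates(host):
        if key in mapping:
            return mapping[key], "matched " + key
    # Assumed fallback: the part after the first dot, upper-cased.
    name = host.lower().rstrip(".")
    return (name.partition(".")[2] or name).upper(), "fallback, no entry matched"

def tgt_principal(target_realm, client_realm):
    """TGT name a client in client_realm requests to reach target_realm."""
    return "krbtgt/%s@%s" % (target_realm, client_realm)

# The [domain_realm] section suggested in the message above.
SUGGESTED = "[domain_realm]\n\t.domain.com = DOMAIN.COM\n\tdomain.com = DOMAIN.COM\n"

if __name__ == "__main__":
    rules = parse_domain_realm(SUGGESTED)
    # 192.168.0.1 is a constructed value; the message shows only "168.0.1".
    for name in ("server.domain.com", "192.168.0.1"):
        realm, why = host_realm(name, rules)
        print(name, "->", tgt_principal(realm, "DOMAIN.COM"), "(" + why + ")")
```

In this model an address-form name matches no `[domain_realm]` key, so the mapping only helps once the name reaching the library is an FQDN, which is why `/etc/hosts`, DNS and the resolver were suggested earlier in the thread.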