Re: [squid-users] Re: Re: Re: Problems setting up Kerberos authentication

From: Nikolaos Milas <nmilas_at_noa.gr>
Date: Fri, 23 Sep 2011 11:59:46 +0300

On 23/9/2011 10:25 AM, Markus Moeller wrote:

> This is an incomplete Active Directory setup (or Kerberos if you don't
> use AD).

Thanks Markus,

As you may have seen from earlier posts, I am using MIT Kerberos on
CentOS. I don't have Active Directory but I am using OpenLDAP which
serves as Kerberos container and principals store.

DNS entries were (until now) considered unnecessary. I have created the
required entries and retried.

Now I am getting (in Wireshark) an LDAP search request from the client
and this fails:

    CLDAP searchRequest(4) "<ROOT>" baseObject

with content:

    baseObject:
    scope: baseObject (0)
    derefAliases: neverDerefAliases (0)
    sizeLimit: 0
    timeLimit: 0
    typesOnly: False
    Filter:
    (&(&(DnsDomain=EXAMPLE.COM)(Host=CLIENTHOSTNAME))(NtVer=0x20000006))
    attributes: 1 item
    AttributeDescription: Netlogon

and the server responds:

    ICMP Destination unreachable (Host administratively prohibited)

We don't allow anyone (except specific DNs) to access our LDAP server.
Additionally there are no such entries in there (these are obviously
Active Directory specific). Anyway, there is no client host entry in
Kerberos or in LDAP.

Now what?

Nick
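The CLDAP request in the capture above is the Active Directory domain-controller locator ("Netlogon ping"): the Windows client searches the root DSE with a filter naming the DNS domain, its own host name and an NtVer bitmask, asking for the Netlogon attribute. An OpenLDAP-backed MIT realm has nothing that answers it, so the request is worth recognising in a capture or server log. The following is an added example, not code from this thread or from Squid; it parses the filter syntax Wireshark displayed (an RFC 4515 subset: and-groups and equality matches), checks for the Netlogon attribute, and decodes the NtVer bits using the NETLOGON_NT_VERSION option names from MS-ADTS section 6.3.1.1. It assumes the hexadecimal NtVer rendering Wireshark used; on the wire the value is a 4-byte integer.

```python
"""Recognise an Active Directory CLDAP "Netlogon ping" from its LDAP filter.

Added example for the squid-users thread; not part of Squid or of the
original post.  The sample filter and attribute list are the ones shown in
Nick's Wireshark capture.
"""
import re

# NETLOGON_NT_VERSION option bits, MS-ADTS 6.3.1.1.
NT_VERSION_FLAGS = {
    0x00000001: "NT_VERSION_1",
    0x00000002: "NT_VERSION_5",
    0x00000004: "NT_VERSION_5EX",
    0x00000008: "NT_VERSION_5EX_WITH_IP",
    0x00000010: "NT_VERSION_WITH_CLOSEST_SITE",
    0x01000000: "NT_VERSION_AVOID_NT4EMUL",
    0x10000000: "NT_VERSION_PDC",
    0x20000000: "NT_VERSION_IP",
    0x40000000: "NT_VERSION_LOCAL",
    0x80000000: "NT_VERSION_GC",
}

_EQ = re.compile(r"([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)")


def parse_filter(text, pos=0):
    """Parse an LDAP filter starting at text[pos].

    Returns (node, next_pos).  Nodes are ("and", [children]),
    ("or", [children]) or ("eq", attribute, value).  Only the subset needed
    for the locator ping is supported; anything else raises ValueError.
    """
    if pos >= len(text) or text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if pos < len(text) and text[pos] in "&|":
        kind = "and" if text[pos] == "&" else "or"
        pos += 1
        children = []
        while pos < len(text) and text[pos] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if pos >= len(text) or text[pos] != ")":
            raise ValueError("unterminated %s group at offset %d" % (kind, pos))
        return (kind, children), pos + 1
    m = _EQ.match(text, pos)
    if not m:
        raise ValueError("unsupported filter item at offset %d" % pos)
    return ("eq", m.group(1), m.group(2)), m.end()


def flatten_eq(node):
    """Collect attribute=value pairs from a tree of and/or groups (attribute
    names are case-insensitive in LDAP, so they are lower-cased)."""
    if node[0] == "eq":
        return {node[1].lower(): node[2]}
    out = {}
    for child in node[1]:
        out.update(flatten_eq(child))
    return out


def classify_netlogon_ping(filter_text, attributes=()):
    """Return a dict describing the locator ping, or None if the search is
    not one (no NtVer term, or Netlogon not among the requested attributes)."""
    node, end = parse_filter(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    eq = flatten_eq(node)
    wants_netlogon = any(a.lower() == "netlogon" for a in attributes)
    if "ntver" not in eq or not wants_netlogon:
        return None
    raw = eq["ntver"]
    ntver = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
    flags = [name for bit, name in sorted(NT_VERSION_FLAGS.items()) if ntver & bit]
    return {
        "domain": eq.get("dnsdomain"),
        "host": eq.get("host"),
        "ntver": ntver,
        "flags": flags,
    }


# Constructed from the capture quoted in the post above.
SAMPLE_FILTER = "(&(&(DnsDomain=EXAMPLE.COM)(Host=CLIENTHOSTNAME))(NtVer=0x20000006))"
SAMPLE_ATTRIBUTES = ["Netlogon"]

if __name__ == "__main__":
    ping = classify_netlogon_ping(SAMPLE_FILTER, SAMPLE_ATTRIBUTES)
    print("AD locator ping for %s from %s, flags %s"
          % (ping["domain"], ping["host"], ", ".join(ping["flags"])))
```

Run on the captured filter, it reports a locator ping for EXAMPLE.COM from CLIENTHOSTNAME with NT_VERSION_5, NT_VERSION_5EX and NT_VERSION_IP set; an ordinary search such as `(objectClass=*)` is classified as not a ping. Feeding the classifier the filter column of an LDAP server's request log gives a quick count of clients that expect an AD domain controller behind the realm name.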

Received on Fri Sep 23 2011 - 09:00:02 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 23 2011 - 12:00:02 MDT