Hello,
thanx to all that helped me. Problem solved.
The main reason was this posted by phil
1. Ensure there is a principal in your kerberos realm
"DNS/hostname.domain.com", matching the hostname of your DNS server
This is why I always got a wrong principal name.
Have a nice weekend,
cheers,
> I do this now the 3rd week. I was reading a lot of books and manuals, doing
> a lot of configuration and sniffing etc. I looked in google for hours but
> I could not find anyone that says - yes it works.
It does work, but setting it up is very-very painful. Even if you do get it
working, and
On 12/07/2010 07:53 AM, Jürgen Dietl wrote:
Hello Sergiu,
I tried to put in 2 credential Entries in the named.conf:
tkey-gssapi-credential "DNS/test.loc"; (that was in before)
tkey-gssapi-credential "USER/test.loc", (new entry)
tkey-domain "TEST.LOC";
This is all wrong.
There are two principa
how can I put in 2
credentials, or maybe where to put them?
Another problem with 2 Principal name is that the User Principal is of
course different on any pc.
Thanx a lot for your help,
cheers,
-- Forwarded message --
From: Sergiu Bivol
Date: 2010/12/6
Subject: Re: Problems with
On Dec 6, 2010, at 9:00 AM, Jürgen Dietl wrote:
> Hello Sergiu,
> many thanx for your hint. This I was asking me too for some time. Because the
> TGT is for the client name (principal) that is logged in at the moment and
> the service should be always for the same principal name on any client. S
Hello Sergiu,
many thanx for your hint. This I was asking me too for some time. Because
the TGT is for the client name (principal) that is logged in at the moment
and the service should be always for the same principal name on any client.
So yes I will need to define 2 principals.
You wrote:
You s
On 12/06/2010 04:01 PM, Jürgen Dietl wrote:
Hello Phil
thanx again for your answer. So I read between the lines that even if
there were bugfixes for GSSTSIG in Bind V. 9.7.2 - it doesn't work. So we
have to wait until MS follow the standards? :-)
That's not what I said.
Forgive me but what is a
> The client has an entry in the AD with DNS/test@test.loc. The Client,
> DNS-Server, Kerberos-Server all have a copy of the krb5.keytab. If I do a
> kinit -k -t c:\krb5.keytab DNS/test@test.loc then all seem to be ok. I
> get this message from the DNSserver: 03-Dec-2010 10:42:00.451 gener
Hello Nevarez,
grats for sending it from your iPhone :-) But is there any message missing?
thanx a lot and have a nice day
cheers,
Juergen
-- Forwarded message --
From: Nevarez, Noe (DNSLB-NETWORKS)
Date: 2010/12/6
Subject: Re: Problems with Bind-Kerberos-Windows-Linux
To
Hello Phil
thanx again for your answer. So I read between the lines that even if there
were bugfixes for GSSTSIG in Bind V. 9.7.2 - it doesn't work. So we have to
wait until MS follow the standards? :-)
Forgive me but what is a disjoint domain environment?
thanx a lot,
cheers,
Juergen
2010/12/6 Ph
On 12/06/2010 03:18 PM, Jürgen Dietl wrote:
The Log-File from the DNS-SUSE-Server tells me "wrong principal". Is
there a way to find out what principal it expects?
You can configure it:
tkey-domain "YOUR.DOMAIN";
tkey-gssapi-credential "DNS/hostname.your.domain";
(I've never
Hello Phil,
thanx for your answer. I don't know really what the server offers because I
dont get a valid response:
Frame 2475: 168 bytes on wire (1344 bits), 168 bytes captured (1344 bits)
Ethernet II, Src: xx, Dst: Vmware_x
Internet Protocol, Src: , Dst
On 12/06/2010 02:20 PM, Jürgen Dietl wrote:
I have read that there is a special mode called User-To-User Mode. This
mode enables the client to ask for a service direct without asking for a
That's not quite how u2u works.
TGT before. I found out that my client use this special user-to-user
mod
Hello,
I am trying to allow the DNS-Client to do dynamic updates at the DNS-Server
using BIND. I want to use Kerberos as the security protocol. For that I have
a small test lab with a client, 3 Kerberos Server and one Suse Linux
DNS-Server. The 3 Kerberos-Server are emulated with using VM-Ware.