On Fri, Jul 05, 2013 at 01:19:45PM +0200, Petter Reinholdtsen wrote: > [Guido Günther] > > Hi Petter, > > Hi. > > > Could you check if adding: > > > > domain intern > > > > works around your problem? We'd know then if heimdal and MIT behave > > differently or if we do have to look for another issue. > > It is already present. The resolv.conf file look like this: > > domain intern > search intern > nameserver 10.0.2.2 > > > It'd also be good to see the DNS traffic when you try to acquire a > > TGT via krb5-auth-dialog or heimdal's kinit. The later could easily > > be done by copying the kinit to the diskless workstation's /tmp - > > the libs are already there due to krb5-auth-dialog. > > Hm, there seem to be some caching going on that make it hard to tell, > but here is my best guess based on several runs. It seem to look for > TXT entry for _kerberos.$hostmame (as in _kerberos.ltsp4115), and then > _kerberos.intern, giving it the REALM. But it do not try any lookups > to find the Kerberos server (as in SRV records in > _kerberos._tcp.intern). And it show a popup stating that it can't > reach the kerberos server when I enter the password. > > > I'm mostly trying to figure out if this is a heimdal vs. MIT issue > > or if krb5-auth-dialog is involved. I'm almost convinced it's the > > former but I'd like to be sure before bugging the hemdal maintainers > > ;) cheers, > > I hope this help. :) I think we're getting closer. Did you try the
dns_lookup_kdc dns_fallback parameters? -- Guido -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
