Hi All,
I'm following the wiki cookbook and am up to the point of added the
mapiprofile for user JohnDoe and that is failing. It looks to me like
something's wrong with Kerberos configuration but I can't figure out
what the exact problem is. Any ideas?
Thanks,
Danté
Failed Command:
root@openchangedev:~/Bind9# /usr/sbin/rndc -c /etc/bind/rndc.conf -k
/etc/bind/rndc.key status
version: 9.8.6-P1 <id:aefa9de2>
CPUs found: 4
worker threads: 4
number of zones: 82
debug level: 9
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
root@openchangedev:~/Bind9# PYTHONPATH=$PYTHONPATH
/usr/local/samba/bin/mapiprofile --create --profile=testing --default
--address=192.168.4.110 --domain=SFPI-TEST --realm=SFPI-TEST.local
--username=JohnDoe --password='OpenChangeDev1' --debuglevel=9
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
Using binding ncacn_ip_tcp:192.168.4.110
Mapped to DCERPC endpoint 135
added interface eth0 ip=192.168.4.110 bcast=192.168.7.255
netmask=255.255.252.0
added interface eth0 ip=192.168.4.110 bcast=192.168.7.255
netmask=255.255.252.0
Mapped to DCERPC endpoint 1024
added interface eth0 ip=192.168.4.110 bcast=192.168.7.255
netmask=255.255.252.0
added interface eth0 ip=192.168.4.110 bcast=192.168.7.255
netmask=255.255.252.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
Using binding ncacn_ip_tcp:openchangedev.sfpi-test.local
Mapped to DCERPC endpoint 135
added interface eth0 ip=192.168.4.110 bcast=192.168.7.255
netmask=255.255.252.0
added interface eth0 ip=192.168.4.110 bcast=192.168.7.255
netmask=255.255.252.0
Mapped to DCERPC endpoint 1024
added interface eth0 ip=192.168.4.110 bcast=192.168.7.255
netmask=255.255.252.0
added interface eth0 ip=192.168.4.110 bcast=192.168.7.255
netmask=255.255.252.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 271
Received smb_krb5 packet of length 1240
Received smb_krb5 packet of length 107
Received smb_krb5 packet of length 107
Received smb_krb5 packet of length 107
Received smb_krb5 packet of length 107
Server exchangeAB/OPENCHANGEDEV.SFPI-TEST.LOCAL@SFPI-TEST.LOCAL is not
registered with our KDC: Miscellaneous failure (see text): Server
(exchangeAB/OPENCHANGEDEV.SFPI-TEST.LOCAL@SFPI-TEST.LOCAL) unknown
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
../librpc/rpc/dcerpc_util.c:140: auth_pad_length 0
MAPI Property EmailAddress not set
MAPI Property DisplayName not set
ProcessNetworkProfile : MAPI_E_NOT_FOUND (0x8004010F)
Deleting profile
Samba log/output
dreplsrv_periodic_run(): schedule pull replication
dreplsrv_refresh_partition(DC=DomainDnsZones,DC=sfpi-test,DC=local)
dreplsrv_refresh_partition(DC=ForestDnsZones,DC=sfpi-test,DC=local)
dreplsrv_refresh_partition(DC=sfpi-test,DC=local)
dreplsrv_refresh_partition(CN=Schema,CN=Configuration,DC=sfpi-test,DC=local)
dreplsrv_refresh_partition(CN=Configuration,DC=sfpi-test,DC=local)
dreplsrv_periodic_run(): run pending_ops memory=116
dreplsrv_periodic_schedule(300) scheduled for: Tue Dec 10 16:32:46 2013 EST
kccsrv_periodic_run(): update
Testing kcctpl_create_intersite_connections
NT_STATUS_OK
all_connected=1, 0 GUIDs returned
found 0 existing nTDSConnection objects
0 connections have been deleted
0 connections have been added
kccsrv_periodic_schedule(300) scheduled for: Tue Dec 10 16:32:46 2013 EST
dreplsrv_notify_schedule(5) scheduled for: Tue Dec 10 16:27:51 2013 EST
Received dgram packet of length 212 from 192.168.4.10:138
Browse LocalMasterAnnouncement (Op 15) on 'SFPIM3<1e>'
'\MAILSLOT\BROWSE' from 192.168.4.10:138
Received dgram packet of length 212 from 192.168.4.10:138
Browse LocalMasterAnnouncement (Op 15) on 'SFPIM3<1e>'
'\MAILSLOT\BROWSE' from 192.168.4.10:138
dreplsrv_notify_schedule(5) scheduled for: Tue Dec 10 16:27:56 2013 EST
dreplsrv_notify_schedule(5) scheduled for: Tue Dec 10 16:28:01 2013 EST
dreplsrv_notify_schedule(5) scheduled for: Tue Dec 10 16:28:06 2013 EST
dreplsrv_notify_schedule(5) scheduled for: Tue Dec 10 16:28:11 2013 EST
dreplsrv_notify_schedule(5) scheduled for: Tue Dec 10 16:28:16 2013 EST
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
imessaging: cleaning up /usr/local/samba/private/smbd.tmp/msg/msg.17608.78
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
mapiproxy::mapiproxy_op_bind: [session = 0x0] [session server id = 17608.78]
mapiproxy::mapiproxy_op_bind: [session = 0x0] [session server id =
0x44c8 0x4e 0xffffffff]
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
Got user=[JohnDoe] domain=[SFPI-TEST]
workstation=[openchangedev.sfpi-test.com] len1=24 len2=196
auth_check_password_send: Checking password for unmapped user
[SFPI-TEST]\[JohnDoe]@[openchangedev.sfpi-test.com]
map_user_info_cracknames: Mapping user [SFPI-TEST]\[JohnDoe] from
workstation [openchangedev.sfpi-test.com]
auth_check_password_send: mapped user is:
[SFPI-TEST]\[JohnDoe]@[openchangedev.sfpi-test.com]
auth_get_challenge: returning previous challenge by module random (normal)
[0000] FB EC 38 29 22 19 2F 6B ..8)"./k
ntlm_password_check: Checking NTLMv2 password with domain [SFPI-TEST]
authsam_account_ok: Checking SMB password for user JohnDoe
logon_hours_ok: No hours restrictions for user JohnDoe
auth_check_password_recv: sam_ignoredomain authentication for user
[SFPI-TEST\JohnDoe] succeeded
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
mapiproxy::mapiproxy_op_ndr_pull
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.211846] [#0 start]
mapiproxy::mapiproxy_op_dispatch: RfrGetNewDSA(0x0): 56 bytes
exchange_ds_rfr: RfrGetNewDSA (0x0)
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.211953] [#0 end]
mapiproxy::mapiproxy_op_reply
mapiproxy::mapiproxy_op_ndr_push
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
imessaging: cleaning up /usr/local/samba/private/smbd.tmp/msg/msg.17608.78
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
mapiproxy::mapiproxy_op_unbind
dcesrv_exchange_nsp_unbind
dcesrv_exchange_emsmdb_unbind
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
imessaging: cleaning up /usr/local/samba/private/smbd.tmp/msg/msg.17608.78
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
Kerberos: AS-REQ JohnDoe@SFPI-TEST.LOCAL from ipv4:192.168.4.110:43365
for krbtgt/SFPI-TEST.LOCAL@SFPI-TEST.LOCAL
Kerberos: No preauth found, returning PREAUTH-REQUIRED --
JohnDoe@SFPI-TEST.LOCAL
Kerberos: AS-REQ JohnDoe@SFPI-TEST.LOCAL from ipv4:192.168.4.110:49207
for krbtgt/SFPI-TEST.LOCAL@SFPI-TEST.LOCAL
Kerberos: Client sent patypes: encrypted-timestamp
Kerberos: Looking for PKINIT pa-data -- JohnDoe@SFPI-TEST.LOCAL
Kerberos: Looking for ENC-TS pa-data -- JohnDoe@SFPI-TEST.LOCAL
Kerberos: ENC-TS Pre-authentication succeeded -- JohnDoe@SFPI-TEST.LOCAL
using arcfour-hmac-md5
authsam_account_ok: Checking SMB password for user JohnDoe@SFPI-TEST.LOCAL
logon_hours_ok: No hours restrictions for user JohnDoe@SFPI-TEST.LOCAL
Kerberos: AS-REQ authtime: 2013-12-10T16:28:12 starttime: unset endtime:
2013-12-11T02:28:12 renew till: unset
Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, des3-cbc-sha1, des3-cbc-md5, arcfour-hmac-md5,
using arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: proxiable, forwardable
Kerberos: TGS-REQ JohnDoe@SFPI-TEST.LOCAL from ipv4:192.168.4.110:56314
for exchangeAB/OPENCHANGEDEV.SFPI-TEST.LOCAL@SFPI-TEST.LOCAL [canonicalize]
LDB_lookup_spn_alias: no alias for service exchangeAB applicable
Kerberos: Searching referral for OPENCHANGEDEV.SFPI-TEST.LOCAL
Kerberos: Server not found in database:
exchangeAB/OPENCHANGEDEV.SFPI-TEST.LOCAL@SFPI-TEST.LOCAL: no such entry
found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.4.110:56314
Kerberos: TGS-REQ JohnDoe@SFPI-TEST.LOCAL from ipv4:192.168.4.110:60432
for exchangeAB/OPENCHANGEDEV.SFPI-TEST.LOCAL@SFPI-TEST.LOCAL
LDB_lookup_spn_alias: no alias for service exchangeAB applicable
Kerberos: Server not found in database:
exchangeAB/OPENCHANGEDEV.SFPI-TEST.LOCAL@SFPI-TEST.LOCAL: no such entry
found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.4.110:60432
Kerberos: TGS-REQ JohnDoe@SFPI-TEST.LOCAL from ipv4:192.168.4.110:52292
for exchangeAB/OPENCHANGEDEV.SFPI-TEST.LOCAL@SFPI-TEST.LOCAL [canonicalize]
LDB_lookup_spn_alias: no alias for service exchangeAB applicable
Kerberos: Searching referral for OPENCHANGEDEV.SFPI-TEST.LOCAL
Kerberos: Server not found in database:
exchangeAB/OPENCHANGEDEV.SFPI-TEST.LOCAL@SFPI-TEST.LOCAL: no such entry
found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.4.110:52292
Kerberos: TGS-REQ JohnDoe@SFPI-TEST.LOCAL from ipv4:192.168.4.110:38216
for exchangeAB/OPENCHANGEDEV.SFPI-TEST.LOCAL@SFPI-TEST.LOCAL
LDB_lookup_spn_alias: no alias for service exchangeAB applicable
Kerberos: Server not found in database:
exchangeAB/OPENCHANGEDEV.SFPI-TEST.LOCAL@SFPI-TEST.LOCAL: no such entry
found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.4.110:38216
mapiproxy::mapiproxy_op_bind: [session = 0x0] [session server id = 17608.78]
mapiproxy::mapiproxy_op_bind: [session = 0x0] [session server id =
0x44c8 0x4e 0xffffffff]
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
Got user=[JohnDoe] domain=[SFPI-TEST]
workstation=[openchangedev.sfpi-test.com] len1=24 len2=196
auth_check_password_send: Checking password for unmapped user
[SFPI-TEST]\[JohnDoe]@[openchangedev.sfpi-test.com]
map_user_info_cracknames: Mapping user [SFPI-TEST]\[JohnDoe] from
workstation [openchangedev.sfpi-test.com]
auth_check_password_send: mapped user is:
[SFPI-TEST]\[JohnDoe]@[openchangedev.sfpi-test.com]
auth_get_challenge: returning previous challenge by module random (normal)
[0000] 54 CE 71 DC EE 58 10 3D T.q..X.=
ntlm_password_check: Checking NTLMv2 password with domain [SFPI-TEST]
authsam_account_ok: Checking SMB password for user JohnDoe
logon_hours_ok: No hours restrictions for user JohnDoe
auth_check_password_recv: sam_ignoredomain authentication for user
[SFPI-TEST\JohnDoe] succeeded
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
mapiproxy::mapiproxy_op_ndr_pull
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.288491] [#1 start]
mapiproxy::mapiproxy_op_dispatch: NspiBind(0x0): 48 bytes
dcesrv_exchange_nsp_dispatch
exchange_nsp: NspiBind (0x0)
Creating new session
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.293099] [#1 end]
mapiproxy::mapiproxy_op_reply
mapiproxy::mapiproxy_op_ndr_push
mapiproxy::mapiproxy_op_ndr_pull
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.293422] [#2 start]
mapiproxy::mapiproxy_op_dispatch: NspiGetSpecialTable(0xc): 56 bytes
dcesrv_exchange_nsp_dispatch
exchange_nsp: NspiGetSpecialTable (0xC)
Hierarchy Table requested
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.525447] [#2 end]
mapiproxy::mapiproxy_op_reply
mapiproxy::mapiproxy_op_ndr_push
mapiproxy::mapiproxy_op_ndr_pull
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.526158] [#3 start]
mapiproxy::mapiproxy_op_dispatch: NspiGetMatches(0x5): 104 bytes
dcesrv_exchange_nsp_dispatch
exchange_nsp: NspiGetMatches (0x5)
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.527611] [#3 end]
mapiproxy::mapiproxy_op_reply
mapiproxy::mapiproxy_op_ndr_push
mapiproxy::mapiproxy_op_ndr_pull
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.696735] [#4 start]
mapiproxy::mapiproxy_op_dispatch: NspiQueryRows(0x3): 72 bytes
dcesrv_exchange_nsp_dispatch
exchange_nsp: NspiQueryRows (0x3)
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.697130] [#4 end]
mapiproxy::mapiproxy_op_reply
mapiproxy::mapiproxy_op_ndr_push
mapiproxy::mapiproxy_op_ndr_pull
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.779018] [#5 start]
mapiproxy::mapiproxy_op_dispatch: NspiUnbind(0x1): 32 bytes
dcesrv_exchange_nsp_dispatch
exchange_nsp: NspiUnbind (0x1)
[dcesrv_NspiUnbind:217]: Session found and released
mapiproxy::mapiproxy_op_dispatch: [tv=1386710892.779539] [#5 end]
mapiproxy::mapiproxy_op_reply
mapiproxy::mapiproxy_op_ndr_push
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
imessaging: cleaning up /usr/local/samba/private/smbd.tmp/msg/msg.17608.78
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
mapiproxy::mapiproxy_op_unbind
dcesrv_exchange_nsp_unbind
dcesrv_exchange_emsmdb_unbind
cat /usr/local/samba/private/krb5.conf
[libdefaults]
default_realm = SFPI-TEST.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
cat /etc/krb5.conf
[libdefaults]
default_realm = SFPI-TEST.COM
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
SFPI-TEST.COM = {
kdc = 192.168.4.110
admin_server = 192.168.4.110
}
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu:88
kdc = kerberos-1.mit.edu:88
kdc = kerberos-2.mit.edu:88
admin_server = kerberos.mit.edu
default_domain = mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.media.mit.edu
admin_server = kerberos.media.mit.edu
}
ZONE.MIT.EDU = {
kdc = casio.mit.edu
kdc = seiko.mit.edu
admin_server = casio.mit.edu
}
MOOF.MIT.EDU = {
kdc = three-headed-dogcow.mit.edu:88
kdc = three-headed-dogcow-1.mit.edu:88
admin_server = three-headed-dogcow.mit.edu
}
CSAIL.MIT.EDU = {
kdc = kerberos-1.csail.mit.edu
kdc = kerberos-2.csail.mit.edu
admin_server = kerberos.csail.mit.edu
default_domain = csail.mit.edu
krb524_server = krb524.csail.mit.edu
}
IHTFP.ORG = {
kdc = kerberos.ihtfp.org
admin_server = kerberos.ihtfp.org
}
GNU.ORG = {
kdc = kerberos.gnu.org
kdc = kerberos-2.gnu.org
kdc = kerberos-3.gnu.org
admin_server = kerberos.gnu.org
}
1TS.ORG = {
kdc = kerberos.1ts.org
admin_server = kerberos.1ts.org
}
GRATUITOUS.ORG = {
kdc = kerberos.gratuitous.org
admin_server = kerberos.gratuitous.org
}
DOOMCOM.ORG = {
kdc = kerberos.doomcom.org
admin_server = kerberos.doomcom.org
}
ANDREW.CMU.EDU = {
kdc = vice28.fs.andrew.cmu.edu
kdc = vice2.fs.andrew.cmu.edu
kdc = vice11.fs.andrew.cmu.edu
kdc = vice12.fs.andrew.cmu.edu
admin_server = vice28.fs.andrew.cmu.edu
default_domain = andrew.cmu.edu
}
CS.CMU.EDU = {
kdc = kerberos.cs.cmu.edu
kdc = kerberos-2.srv.cs.cmu.edu
admin_server = kerberos.cs.cmu.edu
}
DEMENTIA.ORG = {
kdc = kerberos.dementia.org
kdc = kerberos2.dementia.org
admin_server = kerberos.dementia.org
}
stanford.edu = {
kdc = krb5auth1.stanford.edu
kdc = krb5auth2.stanford.edu
kdc = krb5auth3.stanford.edu
master_kdc = krb5auth1.stanford.edu
admin_server = krb5-admin.stanford.edu
default_domain = stanford.edu
}
[domain_realm]
.sfpi-test.com = SFPI-TEST.COM
sfpi-test.com = SFPI-TEST.COM
.mit.edu = ATHENA.MIT.EDU
mit.edu = ATHENA.MIT.EDU
.media.mit.edu = MEDIA-LAB.MIT.EDU
media.mit.edu = MEDIA-LAB.MIT.EDU
.csail.mit.edu = CSAIL.MIT.EDU
csail.mit.edu = CSAIL.MIT.EDU
.whoi.edu = ATHENA.MIT.EDU
whoi.edu = ATHENA.MIT.EDU
.stanford.edu = stanford.edu
.slac.stanford.edu = SLAC.STANFORD.EDU
[login]
krb4_convert = true
krb4_get_tickets = false
_______________________________________________
devel mailing list
devel@lists.openchange.org
http://mailman.openchange.org/listinfo/devel
