Vikas Gandhi wrote:
>
> Hi
> Can someone guide me If I have a user account in ADSI called as sample
> and I want to run gssapi samples from Solaris 9 using it. I
> countinuously get this results "Server not found in Kerberos
> database". My belief is this that I am not able to generate the right
> keytab file.
> What should be my kinit
>
> ktpass -princ sample/[EMAIL PROTECTED] -mapuser sample -pass
> sample -out blade.keytab
>
> or
> ktpass -princ sample/[EMAIL PROTECTED] -mapuser sample
> -pass sample -out blade.keytab (domain blade.quark.co.in)
>
> or
> ktpass -princ sample/[EMAIL PROTECTED] -mapuser sample
> -pass sample -out blade.keytab (domain blade.quark.co.in)
>
> My details are given below.
> WIN-OS: 2003 server
> WIN-DOMAIN: QDMS.CO.IN
> WIN-relam: QDMS.CO.IN
> win-host-name: beetle.qdms.co.in
>
> SUN-OS: solaris 9
> SEAM-DOMAIN: QUARK.CO.IN
> win-host-name: blade.quark.co.in
> seam-relam: QUARK.CO.IN
> seam version: 1.01
>
> My /etc/hosts file says the following
> X.X.X.X blade.qdms.co.in blade.quark.co.in blade
> X.X.X.X beetle beetle.qdms.co.in beetle.quark.co.in
The above will get you in trouble. Keep it simple for the test.
Each machine should be in only one domain, and it looks like
you want them to be in seperate realms.
>
> My /etc/resolv.conf says
> domain quark.co.in
> nameserver X.X.X.X
> nameserver X.X.X.X
> search quark.co.in qdms.co.in
>
> My /etc/krb5/krb5.conf says
> [libdefaults]
> default_realm = QDMS.CO.IN
> # default_realm = QUARK.CO.IN
> default_tgs_enctypes = des-cbc-crc
> default_tkt_enctypes = des-cbc-crc
> # dns_lookup_kdc=true
> # dns_lookup_realm =true
>
> [realms]
> QUARK.CO.IN= {
> kdc = blade.quark.co.in
> admin_server = blade.quark.co.in
> }
> QDMS.CO.IN= {
> kdc = beetle.qdms.co.in:88
> admin_server = beetle.qdms.co.in
> default_realm = QDMS.CO.IN
> }
> [capaths]
> QUARK.CO.IN = {
> QDMS.CO.IN = .
> }
> QDMS.CO.IN = {
> QUARK.CO.IN = .
> }
> [domain_realm]
> .quark.co.in= QDMS.CO.IN
> .qdms.co.in= QDMS.CO.IN
> #
> # if the domain name and realm name are equivalent,
> # this entry is not needed
> #
> [logging]
> default = FILE:/var/krb5/kdc.log
> kdc = FILE:/var/krb5/kdc.log
> kdc = SYSLOG:INFO:DAEMON
>
> [appdefaults]
> gkadmin = {
> help_url = http://blade:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956
> }
> kinit = {
> forwardable = true
> }
> telnet = {
> forward = true
> encrypt = true
> encrypt = true
> autologin = true
> }
>
> FYI: I am able to kinit to the windows kdc and get a ticket. Next I
> have successfully run the sspi(windows Feb-2003 SDK) samples
> successfully using SEAM KDC and ADSI kdc. Also I am able to ru the
> GSSAPI samples with SEAM successfully.
>
> Regards
> Vikas
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
