Hi, I have an issue integrating Kerberos to AD. I believe they have an error in their DNS setup (based on the amount of trouble I've had through the years with Active Directory and DNS, yuck), but I'd like a second opinion, before I yell at the AD admins.
The problem is that a number of AD servers in a sub-domain/sub-realm resolve to a name in a higher-level domain when doing a reverse lookup.

I.e. ad1.ext.domain.org -> 1.2.3.4

When doing a reverse lookup on 1.2.3.4 I'd get ad1.domain.org

This fools Kerberos and it tries to get a key for ldap/ad1.domain.org instead of ldap/ad1.ext.domain.org (MIT Kerberos 1.6.1 on Red Hat Linux 5).

I can work around it by messing with /etc/hosts, of course.

Does anyone know whether this is a "supported" configuration for Kerberos?

/Morten

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
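
The forward/reverse mismatch described in the post above can be audited across a list of servers with a check like the following. This is an added example, not part of the original message: the function names are hypothetical, and the sample records are constructed from the post's ad1 example plus an invented, consistent ad2 entry.

```python
import socket

# Constructed sample records: ad1 mirrors the post, ad2 is an invented consistent host.
SAMPLE_A = {"ad1.ext.domain.org": "1.2.3.4", "ad2.ext.domain.org": "1.2.3.5"}
SAMPLE_PTR = {"1.2.3.4": "ad1.domain.org", "1.2.3.5": "ad2.ext.domain.org"}

def sample_fwd(host):
    """Offline stand-in for a forward (A record) lookup."""
    if host not in SAMPLE_A:
        raise socket.gaierror("no A record for " + host)
    return SAMPLE_A[host]

def sample_rev(ip):
    """Offline stand-in for a reverse (PTR record) lookup."""
    if ip not in SAMPLE_PTR:
        raise socket.herror("no PTR record for " + ip)
    return SAMPLE_PTR[ip]

def live_fwd(host):
    return socket.gethostbyname(host)

def live_rev(ip):
    return socket.gethostbyaddr(ip)[0]

def check_host(service, host, fwd=live_fwd, rev=live_rev):
    """Compare the principal built from the configured name with the one a
    client would build after canonicalizing the name via a reverse lookup."""
    name = host.rstrip(".").lower()
    result = {"expected": service + "/" + name, "derived": None,
              "ip": None, "status": "ok"}
    try:
        result["ip"] = fwd(name)
    except OSError:  # gaierror and herror are both OSError subclasses
        result["status"] = "forward lookup failed"
        return result
    try:
        ptr = rev(result["ip"]).rstrip(".").lower()
    except OSError:
        result["status"] = "no PTR record"
        return result
    result["derived"] = service + "/" + ptr
    if ptr != name:
        result["status"] = "mismatch"
    return result

if __name__ == "__main__":
    for h in SAMPLE_A:
        r = check_host("ldap", h, sample_fwd, sample_rev)
        print(h, r["ip"], r["status"], r["expected"], "->", r["derived"])
```

Calling `check_host("ldap", name)` without the last two arguments queries the system resolver instead of the constructed records.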
