> -----Original Message----- > From: Douglas E. Engert [mailto:[email protected]] > Sent: Saturday, March 21, 2009 3:05 AM > To: Xu, Qiang (FXSGSC) > Cc: Michael Ströder; [email protected] > Subject: Re: SASL authentication > > You need to use the FQDN of the server, not the IP number. > GSSAPI/Kerberos use the FQDN to derive the principal name.
As you suggested, I use the following expressions: ========================================== q...@durian(pts/3):/etc[19]$ ldapsearch -Y GSSAPI -H 'ldap://sesswin2003.sesswin2003.com' -b 'dc=sesswin2003,dc=com' -s sub -LLL 'cn=qxu' mail ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) ========================================== The domain name is "sesswin2003.com", the host name is "sesswin2003". Thus the FQDN in the expression is "sesswin2003.sesswin2003.com". But the result seems worse. Did I miss anything? Thank you, Doug! Xu Qiang ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
