Can you get a network capture with Wireshark on your 2003 server of all traffic from your client when you do the following?
On the client:

kinit [email protected]
ldapsearch -Y GSSAPI -H 'ldap://sesswin2003.sesswin2003.com' -b 'dc=sesswin2003,dc=com' -s sub -LLL '(cn=qxu)' mail

Make sure that sesswin2003.sesswin2003.com resolves to the correct IP or is in your hosts file.

Markus

"Xu, Qiang (FXSGSC)" <[email protected]> wrote in message news:[email protected]...
>> -----Original Message-----
>> From: Douglas E. Engert [mailto:[email protected]]
>> Sent: Saturday, March 21, 2009 3:05 AM
>> To: Xu, Qiang (FXSGSC)
>> Cc: Michael Ströder; [email protected]
>> Subject: Re: SASL authentication
>>
>> You need to use the FQDN of the server, not the IP number.
>> GSSAPI/Kerberos use the FQDN to derive the principal name.
>
> As you suggested, I use the following expressions:
> ==========================================
> q...@durian(pts/3):/etc[19]$ ldapsearch -Y GSSAPI -H
> 'ldap://sesswin2003.sesswin2003.com' -b 'dc=sesswin2003,dc=com' -s
> sub -LLL 'cn=qxu' mail
> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
> ==========================================
> The domain name is "sesswin2003.com", the host name is "sesswin2003". Thus
> the FQDN in the expression is "sesswin2003.sesswin2003.com". But the
> result seems worse.
>
> Did I miss anything?
>
> Thank you, Doug!
> Xu Qiang
>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
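
Added example, not part of the original thread: a Python check of the two points raised above, that the LDAP URI must carry the server's FQDN rather than an IP, and that this name must resolve to the right address. It returns the ldap/<fqdn>@REALM service principal a GSSAPI bind would need. The realm SESSWIN2003.COM, the address 192.0.2.10 and the function name are assumptions, and the reverse-lookup comparison assumes the Kerberos library canonicalizes host names through DNS.

```python
import ipaddress
import socket
from urllib.parse import urlparse


def check_ldap_target(uri, realm,
                      forward=socket.gethostbyname,
                      reverse=lambda addr: socket.gethostbyaddr(addr)[0]):
    """Return (expected service principal, list of problems) for an ldap:// URI.

    forward/reverse are injectable so the check can be exercised offline.
    """
    host = (urlparse(uri).hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        # An IP literal gives GSSAPI no host name to build ldap/<fqdn> from.
        return None, [f"{host} is an IP address; put the server's FQDN in the URI"]
    except ValueError:
        pass  # not an IP literal, carry on

    spn = f"ldap/{host}@{realm}"
    problems = []
    if "." not in host:
        problems.append(f"{host!r} is not fully qualified")
    try:
        addr = forward(host)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        problems.append(f"{host} does not resolve ({exc}); fix DNS or the hosts file")
        return spn, problems
    try:
        ptr = reverse(addr).lower().rstrip(".")
        if ptr != host:
            # Assumption: the Kerberos library canonicalizes through reverse DNS,
            # in which case the ticket is requested for ldap/<ptr>, not ldap/<host>.
            problems.append(f"{addr} reverse-resolves to {ptr}, not {host}")
    except OSError:
        problems.append(f"{addr} has no reverse (PTR) entry")
    return spn, problems


if __name__ == "__main__":
    # Constructed resolver data; realm and address are assumptions, not from the thread.
    hosts = {"sesswin2003.sesswin2003.com": "192.0.2.10"}
    ptrs = {"192.0.2.10": "sesswin2003.sesswin2003.com"}
    for uri in ("ldap://sesswin2003.sesswin2003.com", "ldap://192.0.2.10"):
        print(uri, check_ldap_target(uri, "SESSWIN2003.COM", hosts.__getitem__, ptrs.__getitem__))
```

Called without the last two arguments, the function uses the system resolver, so it reports what the client itself sees for the name in the URI.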
