> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Markus Moeller
> Sent: Wednesday, March 25, 2009 7:53 AM
> To: [email protected]
> Subject: Re: SASL authentication
>
> You need to do nslookup sesswin2003.sesswin2003.com or
> nslookup sesswin2003.com or add a search path to your
> resolv.conf file (e.g. search
> sesswin2003.com)

Yesterday, my resolv.conf was like this:
=================================
search sgp.fujixerox.com sesswin2003.com
nameserver 13.198.8.83
nameserver 13.198.96.10
nameserver 13.198.98.35
=================================

To my dismay, it didn't work. The hostname "sesswin2003" still couldn't be resolved to its IP address.

Today, with the help of our local SA, the file is changed to:
=================================
search sgp.fujixerox.com sesswin2003.com
nameserver 13.198.98.35
nameserver 13.198.96.10
=================================

It seems the order of the nameserver list is important. Quite strange. Or it may be the problem of some DNS server. Because if I put the nameserver 13.198.96.10 in front of 13.198.98.35, it still doesn't work. By right, if a hostname can't be located by the first nameserver, it should continue to look for the hostname in the second nameserver, right?

Anyway, now nslookup works perfectly:
=================================
q...@durian(pts/1):/etc[17]$ nslookup sesswin2003
Server:         13.198.98.35
Address:        13.198.98.35#53

Name:   sesswin2003.sesswin2003.com
Address: 13.198.98.35

q...@durian(pts/1):/etc[18]$ nslookup sesswin2003.sesswin2003.com
Server:         13.198.98.35
Address:        13.198.98.35#53

Name:   sesswin2003.sesswin2003.com
Address: 13.198.98.35
=================================

For me, it is quite promising. Then I did what Michael and Doug told me, i.e. kinit, klist and ldapsearch:
=================================
q...@durian(pts/1):/etc[19]$ kinit [email protected]
Password for [email protected]:
q...@durian(pts/1):/etc[20]$ klist
Ticket cache: FILE:/tmp/krb5cc_20153
Default principal: [email protected]

Valid starting     Expires            Service principal
03/25/09 17:21:13  03/26/09 03:21:11  krbtgt/[email protected]
        renew until 03/26/09 17:21:13

Kerberos 4 ticket cache: /tmp/tkt20153
klist: You have no tickets cached
q...@durian(pts/1):/etc[21]$ ldapsearch -Y GSSAPI -H 'ldap://sesswin2003.sesswin2003.com' -b 'dc=sesswin2003,dc=com' -s sub -LLL 'cn=xuan' mail
SASL/GSSAPI authentication started
SASL username: [email protected]
SASL SSF: 56
SASL installing layers
dn: CN=xuan,CN=Users,DC=sesswin2003,DC=com
mail: [email protected]

# refldap://ForestDnsZones.sesswin2003.com/DC=ForestDnsZones,DC=sesswin2003,DC=com

# refldap://DomainDnsZones.sesswin2003.com/DC=DomainDnsZones,DC=sesswin2003,DC=com

# refldap://sesswin2003.com/CN=Configuration,DC=sesswin2003,DC=com
=================================

It works perfectly. Next I will use this as a bench against my own coding.

Thanks to all,
Xu Qiang
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
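
Added example, not part of the original message: a Python model of the stub-resolver ordering documented in resolv.conf(5), run over the two files quoted in the message, to show how nameserver order can decide whether the KDC/LDAP host name resolves. It assumes a resolver that moves to the next nameserver only when the current one gives no answer; which server holds the sesswin2003.com zone (ZONES) is a constructed assumption, not a fact from the post.

```python
NXDOMAIN, TIMEOUT = "NXDOMAIN", "TIMEOUT"

def parse_resolv_conf(text):
    """Return (search_domains, nameservers, ndots) from resolv.conf text."""
    search, servers, ndots = [], [], 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] == "search":
            search = fields[1:]              # a later search line replaces an earlier one
        elif fields[0] == "nameserver" and len(fields) > 1:
            servers.append(fields[1])
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt[6:])
    return search, servers[:3], ndots        # at most 3 nameservers are honoured

def candidates(name, search, ndots):
    """Names in the order tried: search list first if name has fewer than ndots dots."""
    expanded = [f"{name}.{d}" for d in search]
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]

def resolve(name, conf_text, zones):
    """zones maps server -> {fqdn: ip}, or TIMEOUT for a server that never answers."""
    search, servers, ndots = parse_resolv_conf(conf_text)
    trace = []
    for fqdn in candidates(name, search, ndots):
        for server in servers:
            zone = zones.get(server, TIMEOUT)
            if zone == TIMEOUT:
                trace.append((server, fqdn, TIMEOUT))
                continue                     # no answer: try the next nameserver
            answer = zone.get(fqdn, NXDOMAIN)
            trace.append((server, fqdn, answer))
            if answer != NXDOMAIN:
                return answer, trace
            break                            # NXDOMAIN is an answer: later servers not asked
    return None, trace

# Constructed inputs: the two resolv.conf versions from the message, plus an
# assumed zone layout in which only 13.198.98.35 knows sesswin2003.com.
SEARCH = "search sgp.fujixerox.com sesswin2003.com\n"
OLD = SEARCH + "".join(f"nameserver {ip}\n" for ip in ("13.198.8.83", "13.198.96.10", "13.198.98.35"))
NEW = SEARCH + "".join(f"nameserver {ip}\n" for ip in ("13.198.98.35", "13.198.96.10"))
ZONES = {"13.198.8.83": {}, "13.198.96.10": {},
         "13.198.98.35": {"sesswin2003.sesswin2003.com": "13.198.98.35"}}
```

Under these assumptions `resolve("sesswin2003", OLD, ZONES)` fails with every query going to 13.198.8.83, while the same call with `NEW` returns 13.198.98.35 on the second search domain.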
