Re: [SGD-Users] SGD and AD Problem

Mon, 02 Jun 2008 01:36:41 -0700 

Hi Mika,
This error is normally associated with missing DNS Reverse Lookup information. To verify this have a look at the steps below. 

Query host w2k3.demo.domain.com in DNS using:

# nslookup w2k3.demo.domain.com

You should see something like:

Server:         10.100.10.2
Address:        10.100.10.2#53

Name:   w2k3.demo.domain.com
Address: 10.100.10.21


To check to reverse lookup information is available you need to query 
the ip address:


# nslookup 10.100.10.21

And should expect to see something like:

Server:         10.100.10.2
Address:        10.100.10.2#53

21.10.100.10.in-addr.arpa       name = w2k3.demo.domain.com


If this information is missing this is likely to be the cause of your 
problems.


It can be fixed by creating the reverse lookup zone in DNS.

Hope this helps,

-- DD


Mika Borner wrote:

Hi


When trying to configure AD authentication with SGD 4.4, I'm getting 
an exception:



javax.naming.AuthenticationException [Root exception is 
javax.naming.AuthenticationException: GSSAPI [Root exception is 
javax.security.sasl.SaslException: GSS initiate failed [Caused by 
GSSException: No valid credentials provided (Mechanism level: Server 
not found in Kerberos database (7))]]]



I have configured Kerberos on my Solaris 10 box with the adjoin.sh 
script from the winchester project 
(http://www.sun.com/bigadmin/features/articles/kerberos_s10.pdf).


This created me following file

/etc/krb5/krb5.conf:

[libdefaults]
        default_realm = DEMO.DOMAIN.COM

[realms]
        DEMO.DOMAINE.COM = {
                kdc = w2k3.demo.domain.com
                kpasswd_server = w2k3.demo.domain.com
                kpasswd_protocol = SET_CHANGE
                admin_server = w2k3.demo.domain.com
        }

[domain_realm]
        .demo.domain.com = DEMO.DOMAIN.COM

Also the computer was added to the AD.

On the LDAP Repository Details form I'm entering:

URLs: ad://demo.domain.com
User Name: [EMAIL PROTECTED]
Password: ******
Active Directory Base Domain: demo.domain.com
Active Directory Default:  demo.domain.com

Any hints?

Thanks
Mika
_______________________________________________
SGD-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sgd-users


_______________________________________________
SGD-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sgd-users






















					Reply via email to