also, are you sure that your domain name really *is* ttaprueba. Especially in AD setups, say the 2000-domainname is DOMAIN and the 2003 domainname is domain.com, then your Krb realm should be DOMAIN.COM
2009/8/6 The Loeki <[email protected]> > > > 2009/8/6 Francisco Martínez Díaz <[email protected]> > > Hello, >> >> I am attempting to authenticate users to our AD. The SGD server is a >> solaris10, his dns name is coron10.ha.inat >> The Active Directory server is a windows 2003 server, his dns name is >> flecha.ha.inat and the domain name is ttaprueba. >> >> I synchronice the clock between the client and server bye NTP, >> >> I configure the krb5.conf in coron10 like this: >> >> *# cat krb5.conf* >> >> *[libdefaults]* >> *default_realm = TTAPRUEBA* >> *default_etypes = des-cbc-crc* >> *default_tkt_enctypes = des-cbc-crc* >> *default_tgs_enctypes = des-cbc-crc* >> *permitted_enctypes = des-cbc-crc* >> *dns_lookup_realm = true* >> *dns_lookup_kdc = true* >> *default_checksum = rsa-md5* >> *[realms]* >> *TTAPRUEBA = {* >> *kdc = flecha.ttaprueba* >> *}* >> *[domain_realm]+* >> *.ha.inat = TTAPRUEBA* >> *ha.inat = TTAPRUEBA* >> *[logging]* >> *default = FILE:/var/krb5/kdc.log* >> *kdc = FILE:/var/krb5/kdc.log* >> >> >> >> I create a user account for the service with the ktpass.exe like: >> >> *tarantella/coron10.ha.i...@ttaprueba* >> >> I create a account for the client host with the ktpass.exe like: >> >> *host/coron10.ha.i...@ttaprueba* >> >> >> I can´t obtain a kerberos ticket via kinit. >> >> *# kinit host/coron10.ha.i...@ttaprueba* >> *kinit(v5): Cannot resolve network address for KDC in realm ttaprueba >> while getting initial credentials* >> > > What's the result for nslookup (or host) for your KDC, flecha.ttaprueba? > It should probably be flecha.ha.inat > > >> >> In the administration console, I set the url, username, password, >> >> When I click next, I receive the following error: >> >> *javax.naming.AuthenticationException [Root exception is >> com.tarantella.tta.webservices.TTAException]* >> >> I can't seem to locate any log files indicating what the error is. Where >> can I look? >> >> _______________________________________________ >> SGD-Users mailing list >> [email protected] >> http://www.filibeto.org/mailman/listinfo/sgd-users >> >> >
_______________________________________________ SGD-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sgd-users
