Hi Sumit,

thanks for the hint. I tried to set an alias for the principal, but nothing happened. I don't find any LDAP attribute in the Heimdal schema (hdb.schema).
I found an alias (krbPrincipalAliases) in the MIT schema, but we use Heimdal.

Greets,
Steffen

> I'm sorry, but I'm not aware of any switches to enable some debugging in
> the SASL library.
>
> But I'm wondering if NAT_IP is a placeholder for the IP address. This
> cannot work. The SASL bind needs the real fully qualified name of the
> LDAP server, i.e. the name which was used to register the LDAP server
> with the KDC or an alias name if alias names are configured for the LDAP
> server in the KDC. Without the name it is not possible to get a Kerberos
> service ticket for the LDAP server.
>
> If you cannot use the real name because the corresponding IP address is
> not properly routed in the NATed environment I would suggest to add an
> alias in the KDC with a name which resolves to NAT_IP.
>
> HTH
>
> bye,
> Sumit
