
Re: LDAP/Kerberos/GSSAPI Error:Hostname cannot be canonicalized



On Tue, Jul 1, 2008 at 2:01 PM,  <fmayer@gmx.de> wrote:
> Hi list,
> I am trying to setup a LDAP-Server with SASL and Kerberos-authentication via
> GSSAPI. The systems are running Debian etch using the Heimdal implementation.
> [...]
>> fmayer@client:~$ ldapsearch
>> SASL/GSSAPI authentication started
>> ldap_sasl_interactive_bind_s: Local error (-2)
>>         additional info: SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied
>>         (Hostname cannot be canonicalized)

I assume you are using a single host for these tests. Check /etc/hosts,
because Debian/Ubuntu has a strange 127.0.1.1 (or something similar)
there. Also, they tend to force local node resolution to 127.0.0.1
there, so the reverse resolution check might fail.

The other thing that might be failing is the absence of a proper
.my.domain = MY.DOMAIN in the domain_realm section.

Try running ldapsearch specifying the node name or addresses on the command
line, and that might produce clarifying messages.

Javier Palacios
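
The two checks suggested in the reply above, as an added example that is not part of the original message: it flags host names bound to a loopback address in /etc/hosts and looks up which realm a host would get from the [domain_realm] section. The sample file contents are constructed, and the lookup order in `realm_for` (exact host entry, then dotted parent suffixes) is a simplified assumption about how the Kerberos library matches entries.

```python
import re

# Constructed sample inputs (not taken from the poster's systems).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.1.1   ldap.my.domain ldap
"""
SAMPLE_KRB5 = """\
[libdefaults]
    default_realm = MY.DOMAIN
[domain_realm]
    my.domain = MY.DOMAIN
"""

def loopback_names(hosts_text):
    """Return {name: address} for non-localhost names bound to 127.0.0.0/8."""
    found = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or not fields[0].startswith("127."):
            continue
        for name in fields[1:]:
            if not name.startswith("localhost"):
                found[name] = fields[0]
    return found

def domain_realm(krb5_text):
    """Parse the [domain_realm] section into {host_or_.domain: REALM}."""
    mapping, section = {}, None
    for line in krb5_text.splitlines():
        line = line.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "domain_realm" and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping

def realm_for(fqdn, mapping):
    """Assumed lookup order: exact host, then '.parent' suffixes; None if unmapped."""
    name = fqdn.lower()
    while name:
        if name in mapping:
            return mapping[name]
        dot = name.find(".", 1)
        name = name[dot:] if dot != -1 else ""
    return None
```

With the sample data, `loopback_names` reports both `ldap.my.domain` and `ldap` on 127.0.1.1, and `realm_for("ldap.my.domain", ...)` returns `None` because the section has `my.domain` but not the `.my.domain` entry that covers hosts in the domain.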