Re: Re: LDAP/Kerberos/GSSAPI Error:Hostname cannot be canonicalized
Thanks a lot for your fast response!
> I assume you are using a single host for these tests.
No, actually only the LDAP and the Kerberos server are on the
same machine. The client is a VM at a provider and I am
sitting myself outside, somewhere in the internet. On the
server the ports 389, 88, 749, 750 and 751 (udp & tcp) are
open - next to 22 of course ;)
> Check /etc/hosts, because debian/ubuntu has a strange
> 127.0.1.1 (or something alike) there.
Indeed - I found a line with 127.0.1.1 on the server and
changed it to its public IP. But unfortunately this does not
change anything. From both machines (the client as well
as from the server) I receive this "generic failure:
GSSAPI Error: An invalid name was supplied (Hostname
cannot be canonicalized)"
> Also, they tend to force local node resolution to 127.0.0.1
> there, so the reverse resolution check might fail.
This might be worth analyzing in a little more detail -
but actually there was a big error - in the hosts file I
wrongly named the machine ".local" instead of ".com". I
changed the entry and set up the Kerberos DB again.
Unfortunately the error still remains :(
> The other thing that might be failing is the absence of
> a proper my.domain = MY.DOMAIN in the domain_realm
When I try to include the domain in the same way as
other REALMS are already included, like

    .mit.edu = ATHENA.MIT.EDU
    mit.edu = ATHENA.MIT.EDU
    mycompany.com = TESTREALM.LOCAL
    .mycompany.com = TESTREALM.LOCAL

I get an error message
> [..] GSSAPI Error: Miscellaneous failure (Server not found [..]
(I think that I have to read that part of the manual ...)
> try running ldapsearch specifying node name or addresses
> on command line, and that might produce
> clarifying messages.
Thank you for the hint, you are right. On the other hand
I did not want to accidentally publish details that may
harm the server.
I have to leave now and will resume this (especially
reviewing the ".local" and ".com" error) tomorrow.
Thank you very much again!
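
A check for the forward/reverse resolution problem the quoted advice points at (the 127.0.1.1 hosts entry and the reverse resolution check), as an added example that is not part of the original thread. The function names are illustrative assumptions; the resolver calls are injectable so the check can also be exercised with constructed data.

```python
import ipaddress
import socket


def _forward(host):
    """Resolve host via the system resolver; return (canonical name, addresses)."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM,
                               flags=socket.AI_CANONNAME)
    canon = infos[0][3] or host  # canonical name is carried on the first entry
    return canon, sorted({info[4][0] for info in infos})


def _reverse(addr):
    """Reverse-resolve addr; NI_NAMEREQD turns a missing name into an error."""
    return socket.getnameinfo((addr, 0), socket.NI_NAMEREQD)[0]


def check_host(host, forward=_forward, reverse=_reverse):
    """Return a list of findings; an empty list means forward and reverse agree."""
    try:
        canon, addrs = forward(host)
    except OSError as exc:
        return [f"forward lookup of {host} failed: {exc}"]
    findings = []
    if "." not in canon.rstrip("."):
        findings.append(f"canonical name {canon!r} is not fully qualified")
    for addr in addrs:
        # Drop an IPv6 zone id ("%eth0") before classifying the address.
        if ipaddress.ip_address(addr.split("%")[0]).is_loopback:
            findings.append(f"{host} resolves to loopback address {addr}")
        try:
            back = reverse(addr)
        except OSError as exc:
            findings.append(f"reverse lookup of {addr} failed: {exc}")
            continue
        if back.rstrip(".").lower() != canon.rstrip(".").lower():
            findings.append(f"{addr} reverse-resolves to {back!r}, not {canon!r}")
    return findings


if __name__ == "__main__":
    import sys
    for line in check_host(sys.argv[1]) or ["forward and reverse resolution agree"]:
        print(line)
```

Run it on both the client and the server with the name passed to ldapsearch; any finding is a place where the name used for the service principal can differ from the one the KDC knows.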