
Re: Re: LDAP/Kerberos/GSSAPI Error:Hostname cannot be canonicalized



Dear Javier,
thanks a lot for your fast response!

> I assume you are using a single host for this tests.

No, actually only the LDAP and the Kerberos server are on the
same machine. The client is a VM at a provider, and I am
sitting outside myself, somewhere on the internet. On the
server the ports 389, 88, 749, 750 and 751 (udp & tcp) are
open - next to 22 of course ;)

> Check /etc/hosts, because debian/ubuntu has a strange
> 127.0.1.1 (or something alike) there.

Indeed - I found a line with 127.0.1.1 on the server and
changed it to its public IP. But unfortunately this does not
change anything. From both machines (the client as well
as the server) I receive this "generic failure:
GSSAPI Error: An invalid name was supplied (Hostname
cannot be canonicalized)"

> Also, they tend to force local node resolution to 127.0.0.1
> there, so the reverse resolution check might fail.

This might be worth analyzing in a little more detail -
but actually there was a big error - in the hosts file I
named the machine wrongly ".local" instead of ".com". I
changed the entry and set up the Kerberos DB again.
Unfortunately the error still remains :(

> The other thing that might be failing is the absence of
> a proper my.domain = MY.DOMAIN in the domain_realm
> section.

When I try to include the domain in the same way as
other realms are already included, like

[domain_realm]
	.mit.edu = ATHENA.MIT.EDU
	mit.edu = ATHENA.MIT.EDU
	mycompany.com = TESTREALM.LOCAL
	.mycompany.com = TESTREALM.LOCAL

I get an error message:
> [..] GSSAPI Error: Miscellaneous failure (Server not found [..]

(I think, that I have to read that part of the manual ..)

> try running ldapsearch specifying the node name or
> addresses on the command line, and that might produce
> clarifying messages.

Thank you for the hint, you are right. On the other hand,
I did not want to accidentally publish details that may
harm the server.

I have to leave now and will resume this (especially
reviewing the ".local" vs ".com" error) tomorrow.

Thank you very much again!
Frank
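The two pitfalls Javier points at in this thread, the Debian/Ubuntu 127.0.1.1 alias for the machine's own name in /etc/hosts and a missing host-to-realm mapping in the [domain_realm] section, can both be checked offline before touching the KDC. The script below is an added illustration, not code from this thread or from MIT Kerberos; the hosts-file and krb5.conf contents are constructed (the [domain_realm] lines mirror the ones quoted above), the IP 203.0.113.10 is a documentation address, and realm_for_host() follows the lookup order the MIT krb5.conf documentation describes for [domain_realm] (exact hostname first, then each parent domain written with a leading dot).

```python
"""Offline checks for the two Kerberos name-resolution pitfalls raised in
the thread: a hostname pinned to a 127.x loopback alias in /etc/hosts,
and a missing [domain_realm] mapping in krb5.conf.  All sample file
contents below are constructed for illustration."""

# Constructed /etc/hosts in the Debian/Ubuntu layout discussed in the thread:
# the machine's own name sits on 127.0.1.1 and carries the wrong suffix.
BROKEN_HOSTS = """\
127.0.0.1       localhost
127.0.1.1       kdc.mycompany.local kdc
203.0.113.10    kdc.mycompany.com kdc
"""

# The same file after the two fixes described in the thread (constructed).
FIXED_HOSTS = """\
127.0.0.1       localhost
203.0.113.10    kdc.mycompany.com kdc
"""

# Constructed krb5.conf fragment; the [domain_realm] lines mirror the thread.
SAMPLE_KRB5_CONF = """\
[libdefaults]
        default_realm = TESTREALM.LOCAL

[domain_realm]
        .mit.edu = ATHENA.MIT.EDU
        mit.edu = ATHENA.MIT.EDU
        mycompany.com = TESTREALM.LOCAL
        .mycompany.com = TESTREALM.LOCAL
"""


def parse_hosts(text):
    """Yield (ip, [names]) for each non-comment line of a hosts file."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            fields = line.split()
            yield fields[0], fields[1:]


def hosts_problems(hosts_text, fqdn):
    """Return human-readable findings for entries that would make `fqdn`
    canonicalize to a loopback address or to a name with another suffix."""
    findings = []
    short = fqdn.split(".")[0]
    for ip, names in parse_hosts(hosts_text):
        # Own name on a 127.x address: reverse resolution yields a loopback name.
        if ip.startswith("127.") and (fqdn in names or short in names):
            findings.append(f"{fqdn} resolves to loopback {ip}; GSSAPI will "
                            f"canonicalize via that address's reverse name")
        # Same short name, different suffix (the ".local" vs ".com" mistake).
        for name in names:
            if name != fqdn and name != short and name.split(".")[0] == short:
                findings.append(f"{ip} carries '{name}', which has a different "
                                f"domain suffix than the expected {fqdn}")
    return findings


def parse_domain_realm(conf_text):
    """Extract the [domain_realm] section of a krb5.conf into a dict."""
    mapping, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "domain_realm" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = value
    return mapping


def realm_for_host(fqdn, mapping):
    """Look up the realm for a host in MIT krb5 [domain_realm] order:
    exact hostname first, then each parent domain with a leading dot.
    None means no mapping applies and libkrb5 must fall back to DNS or
    referral heuristics, which is where errors like the one above appear."""
    host = fqdn.lower().rstrip(".")
    if host in mapping:
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        parent = "." + ".".join(labels[i:])
        if parent in mapping:
            return mapping[parent]
    return None


if __name__ == "__main__":
    realms = parse_domain_realm(SAMPLE_KRB5_CONF)
    for host in ("kdc.mycompany.com", "kdc.mycompany.local"):
        print(f"{host}: realm={realm_for_host(host, realms)}")
    for label, text in (("broken", BROKEN_HOSTS), ("fixed", FIXED_HOSTS)):
        print(f"{label} hosts file:",
              hosts_problems(text, "kdc.mycompany.com") or ["no findings"])
```

Run against real files by reading /etc/hosts and /etc/krb5.conf into the two text arguments; the broken sample produces two findings (the loopback alias and the ".local" suffix), the fixed sample none, and the ".local" name maps to no realm at all, which is consistent with the "Server not found" message quoted above.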