Login authority, Active Directory and Kerberos question?
I need to use the Active Directory authority. I made a DC the same as the
example that comes in the administration guide, named INDIGO-INSURANCE.COM, with
name server melbourne.indigo-insurance.com. OK, this is my krb5.conf; I made
it in installdir/bin/jdk_version/jre/lib/security
[libdefaults]
default_realm = INDIGO-INSURANCE.COM
default_checksum = rsa-md5
[realms]
INDIGO-INSURANCE.COM = {
kdc = melbourne.indigo-insurance.com
}
[domain_realm]
indigo-insurance.com = INDIGO-INSURANCE.COM
and selected the Active Directory authority and put in URL
ad://melbourne.indigo-insurance.com, like the manual, and in username
Administrator@indigo-insurance.com, like the manual, and the respective
password. I press Apply and it gives the following problem:
Authentication failed using the supplied username and password.
Failed with error javax.naming.AuthenticationException: Failed to
authenticate Client not found in Kerberos database (6).
Impact: The LDAP login authority will be unable to authenticate users.
Resolution: Type the username and password of an LDAP user with sufficient
privileges. Use LDAP-style usernames, for example
cn=Bill Orange,cn=Users,dc=indigo-insurance,dc=com.
show error details
What is the problem? Because if I change ad:// to ldap:// with the
same information and change the authority to LDAP, it works, but I can use the
Active Directory authority
# 1
Hello Mario
I would suggest checking the following:
1. Copying the krb5.conf file to /etc
2. Run the command:
nslookup -query=any _gc._tcp.indigo-insurance.com
It should return the melbourne.indigo-insurance.com KDC server, e.g.:
[root@trinidad bin]# nslookup -query=any _gc._tcp.indigo-insurance.com
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 10.10.1.1
Address: 10.10.1.1#53
_gc._tcp.indigo-insurance.com service = 0 100 3268 melbourne.indigo-insurance.com.
If not, you need to update your networking correctly.
3. Make sure that the user you specified
(Administrator@indigo-insurance.com) is valid by using the command:
kinit Administrator@INDIGO-INSURANCE.COM
It should prompt you for the password for the Administrator user. If
the user and password are valid, you should see something like:
kinit Administrator@INDIGO-INSURANCE.COM
Password for Administrator@INDIGO-INSURANCE.COM: admin1234
New ticket is stored in cache file /tmp/krb5cc_0
If it fails, then you need to verify the username and password
credentials for the domain you are using. Also make sure that the user
you are using has sufficient privileges to search the LDAP database.
Best regards
Carl
Mario Alberto Gamboa Pang wrote:
> I need to use the Active Directory authority. I made a DC the same as the
> example that comes in the administration guide, named INDIGO-INSURANCE.COM, with
> name server melbourne.indigo-insurance.com. OK, this is my krb5.conf; I made
> it in installdir/bin/jdk_version/jre/lib/security
>
> [libdefaults]
> default_realm = INDIGO-INSURANCE.COM
> default_checksum = rsa-md5
> [realms]
> INDIGO-INSURANCE.COM = {
> kdc = melbourne.indigo-insurance.com
> }
> [domain_realm]
> indigo-insurance.com = INDIGO-INSURANCE.COM
>
> and selected the Active Directory authority and put in URL
> ad://melbourne.indigo-insurance.com, like the manual, and in username
> Administrator@indigo-insurance.com, like the manual, and the respective
> password. I press Apply and it gives the following problem:
>
> Authentication failed using the supplied username and password.
> Failed with error javax.naming.AuthenticationException: Failed to
> authenticate Client not found in Kerberos database (6).
> Impact: The LDAP login authority will be unable to authenticate users.
> Resolution: Type the username and password of an LDAP user with sufficient
> privileges. Use LDAP-style usernames, for example
> cn=Bill Orange,cn=Users,dc=indigo-insurance,dc=com.
> show error details
>
> What is the problem? Because if I change ad:// to ldap:// with the
> same information and change the authority to LDAP, it works, but I can use the
> Active Directory authority
Carl at 2007-7-4 18:52:36
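
An added example, not part of the thread or of the product's own code: a small Python check that parses the krb5.conf quoted in the question and reports whether the realm part of a login name exactly matches a configured realm (Kerberos realm names are case-sensitive), which is worth verifying alongside the kinit test in the reply. The function names are hypothetical and the sample input is constructed from the configuration quoted above.

```python
# Constructed sample: the krb5.conf quoted in the question above.
SAMPLE_KRB5 = """\
[libdefaults]
default_realm = INDIGO-INSURANCE.COM
default_checksum = rsa-md5
[realms]
INDIGO-INSURANCE.COM = {
kdc = melbourne.indigo-insurance.com
}
[domain_realm]
indigo-insurance.com = INDIGO-INSURANCE.COM
"""

def parse_krb5(text):
    """Return (default_realm, {realm: [kdc, ...]}) from krb5.conf text."""
    section = realm = default_realm = None
    realms = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1].strip(), None
        elif line == "}":                    # end of a realm block
            realm = None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "realms" and value.startswith("{"):
                realm = key
                realms.setdefault(realm, [])
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)
    return default_realm, realms

def check_principal(principal, text):
    """Hypothetical helper: list findings to verify; empty means consistent."""
    default_realm, realms = parse_krb5(text)
    findings = []
    if default_realm not in realms:
        findings.append(f"default_realm {default_realm!r} has no [realms] entry")
    realm = principal.rpartition("@")[2] if "@" in principal else default_realm
    if realm not in realms:                  # exact, case-sensitive comparison
        close = [r for r in realms if r.lower() == (realm or "").lower()]
        hint = f"; differs only in case from {close[0]!r}" if close else ""
        findings.append(f"realm {realm!r} is not configured{hint}")
    elif not realms[realm]:
        findings.append(f"realm {realm!r} lists no kdc")
    return findings
```

Calling `check_principal("Administrator@indigo-insurance.com", SAMPLE_KRB5)` returns one finding about the lowercase realm, while the uppercase form used with kinit in the reply returns an empty list.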
