NAT Problem
Hi,
I have a problem connecting from a firewall/NAT.
The situation is:
The Kerberos server is in the internal net and I use NAT for external
connections (usual network 192.168.1.X -> REAL IP).
I also use NAT in the DMZ (192.168.2.X).
The communication between the DMZ and the internal net
is with real IPs (I know, double NAT :-( ).
When I telnet from DMZ to DMZ, no problem
(I get the ticket and so on...).
When I try to connect from the internal net to the DMZ:
kinit --no-address
telnet -l manfred panoramix.aigo.it
Trying 151.36.98.141...
Connected to panoramix.aigo.it (151.36.98.141).
Escape character is '^]'.
[ Kerberos V5 refuses authentication because Read req failed: Key table entry not found ]
[ Kerberos V5 refuses authentication because Read req failed: Key table entry not found ]
telnetd: Authorization failed.
Connection closed by foreign host.
klist -a
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: manfred@AIGO.INTRA
Valid starting Expires Service principal
09/02/01 18:57:27 09/03/01 01:38:40 krbtgt/AIGO.INTRA@AIGO.INTRA
Addresses: (none)
09/02/01 18:58:01 09/03/01 01:38:40 host/panoramix.aigo.it@AIGO.INTRA
Addresses: (none)
Some data from DMZ to DMZ:
kinit --no-address
klist -a
Ticket cache: FILE:/tmp/krb5cc_500
Default principal: manfred@AIGO.INTRA
Valid starting Expires Service principal
09/02/01 19:03:18 09/03/01 01:43:15 krbtgt/AIGO.INTRA@AIGO.INTRA
Addresses: (none)
09/02/01 19:04:06 09/03/01 01:43:15 host/panoramix.aigo.it@AIGO.INTRA
Addresses: (none)
Is there something to do in krb5.conf?
(I already set extra_address in krb5.conf: real IP and NAT IP ...)
Can someone help me?
Thank you ...
bye manfred