[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problem with name resolving, or what?

To: heimdal-discuss@sics.se
Subject: Problem with name resolving, or what?
From: Måns Nilsson <mansaxel@sunet.se>
Date: Thu, 06 Jun 2002 19:50:57 +0200
Sender: owner-heimdal-discuss@sics.se

Client: Heimdal on OpenBSD
Server Solaris 8 2/02, Heimdal. v.latest

Problem: When obtaining a ticket *with* IP address info, server refuses
login. When using --no-addresses (like when traversing NAT stuff) it works. 

Both hosts are on the same LAN,
DNS works, both ways, 
the KDC is on the same LAN too,
all machines have their FQDN as output of uname -n,
and I've in general followed the advice I collected last time I did make a
fool of myself in this august forum. 

Suggestions? 


Debug output:

$ klist
Credentials cache: FILE:/tmp/krb5cc_1004
        Principal: mansaxel@SUNET.SE

  Issued           Expires          Principal             
Jun  6 19:29:27  Jun  7 05:28:29  krbtgt/SUNET.SE@SUNET.SE

v4-ticket file: /tmp/tkt1004
Principal:      mansaxel@SUNET.SE

  Issued           Expires          Principal             
Jun  6 19:29:27  Jun  7 05:29:27  krbtgt.SUNET.SE@SUNET.SE
$ telnet -x yebisu
Encryption is verbose
Trying 192.36.125.136...
Connected to yebisu.
Escape character is '^]'.
[ Trying mutual KERBEROS5 (host/yebisu.pilsnet.sunet.se@SUNET.SE)... ]
[ Kerberos V5 refuses authentication because Read req failed: Incorrect net
address ]
[ Trying KERBEROS5 (host/yebisu.pilsnet.sunet.se@SUNET.SE)... ]
[ Kerberos V5 refuses authentication because Read req failed: Incorrect net
address ]
[ Trying mutual KERBEROS4 (rcmd.yebisu@SUNET.SE) ... ]
mk_req failed: Principal unknown (kerberos)
[ Trying KERBEROS4 (rcmd.yebisu@SUNET.SE) ... ]
mk_req failed: Principal unknown (kerberos)
telnetd: Authorization failed.
Connection closed by foreign host.
$ uname -a
OpenBSD slimsixten.pilsnet.sunet.se 3.1 SLIMSIXTEN#1 i386
$ dig slimsixten.pilsnet.sunet.se +short
192.36.125.115
$ kdestroy

$ kauth --no-addresses 
mansaxel@SUNET.SE's Password: 
$ telnet -x yebisu                       
Encryption is verbose
Trying 192.36.125.136...
Connected to yebisu.
Escape character is '^]'.
[ Trying mutual KERBEROS5 (host/yebisu.pilsnet.sunet.se@SUNET.SE)... ]
[ Kerberos V5 accepts you as ``mansaxel@SUNET.SE'' ]
[ Output is now encrypted with type DES_CFB64 ]
[ Input is now decrypted with type DES_CFB64 ]
Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
yebisu.pilsnet.sunet.se$ nslookup 192.36.125.115
Server:  resolver.sunet.se
Address:  192.36.125.14

Name:    slimsixten.pilsnet.sunet.se
Address:  192.36.125.115

yebisu.pilsnet.sunet.se$ 


-- 
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.

Follow-Ups:
- Re: Problem with name resolving, or what?
  - From: Thomas Nystrom <thn@saeab.se>

Prev by Date: Re: RedHat's pam_krb5 port for Heimdal
Next by Date: Re: Problem with name resolving, or what?
Prev by thread: Re: RedHat's pam_krb5 port for Heimdal
Next by thread: Re: Problem with name resolving, or what?
Index(es):
- Date
- Thread