[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cross Realm HELP




Jeremiah Martell <inlovewithgod@gmail.com> writes:

> I cannot kinit to realm B, and then use ldapsearch -Y GSSAPI to access
> the ldap directory in realm A. (Even though there's a trust between the
> realms B and A)
>
> However, I can first kinit to B, use kvno to manually get a ticket for
> the ldap directory in realm A (kvno ldap/domainA@realmA), and then use
> ldapsearch -Y GSSAPI to access the ldap directory in realm A.


Check KDC logs in realm B. check with tcpdump what the client tries to do.
What error do you get from ldapsearch ?

Love

PGP signature