Kerberos? Does anyone have this running?

Kevin Fries kfries at cctus.com
Fri Jan 11 14:38:45 UTC 2008


On Fri, 2008-01-11 at 00:49 +0100, Morten Kjeldgaard wrote:
> > Tried that and actually configuring DNS.  DNS is now fully up and
> > running, yet...
> >
> > Others in the forums report the same failure despite dnsdomainname
> > returning correctly.  Yet, there were no responses.  That is why I
> > decided to ask the developers.  Thinking it may be in the process of
> > being EOL'd or something.
> 
> You also need to have reverse DNS up and running.

Yeah, struggled with that due to false error messages, but R-DNS is
running perfectly, and still refuses to configure correctly.  While I
have never been able to prove it, I have this sneaky suspicion that my
Kerberos problem is due to multiple interfaces.

My Setup:
+---+
| I |                   +----------+
| n |                 +-+ Server 1 |
| t | (0)+-------+ (1)| +----------+ +-------------+
| e +----+ LabDC +----+--------------+ Test Client |
| r |    +---+---+    | +----------+ +-------------+
| n |        | (2)    +-+ Server 2 |
| e |    +---+---+      +----------+
| t +----+ LabAS |
+---+    +-------+

Essentially, LabDC is my problem machine.  The Internet is simulated by
our Corp Network.  LabDC gets its address for eth0 via DHCP.  It is also
a portal into the simulated corporate network.  So, eth1 is a static
address into the servers and test client that stand for a typical
corporate network.  It serves DNS, DHCP, etc. across its eth1 interface.
The assumption is that there would be some sort of SSO environment
(Kerberos, AD, etc.) on that network.  So, I was trying to install
Kerberos because I am trying to avoid setting up Windows servers due to
resource constraints.  The eth2 interface is to a special server which
is represented here by a machine referred to as LabAS.  This is the
heart of our proprietary solution.  However, I can not test that, until
I get a good Backoffice simulation going.

Because LabDC is sitting on the intersection of three networks, and the
half-baked way the KBC configuration is designed, I suspect, but can not
prove, that this is at the heart of the problems I am seeing.  It would
be nice if I had more resources to set up additional machines, but,
budgets being what they are...

Thanks for the help, I am starting to consider giving up on Kerberos,
and just settling for a more simplified LDAP based solution.  It means
that my simulation will not be as representative of a Windows based
network, but working and simplicity sometimes just needs to rule the
day, lol.

-- 
Kevin Fries
Senior Linux Engineer
Computer and Communications Technology, Inc
A Division of Japan Communications Inc.
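
One way to check the multiple-interface suspicion described in the message above (an added example, not part of the original post): Kerberos service principals are tied to a host name, so this compares the PTR and forward records of every interface address against the FQDN used for the host principal. The FQDN, interface names, addresses and DNS records below are constructed sample values, and the function names are hypothetical.

```python
import socket

def system_forward(name):
    """Addresses the system resolver returns for name (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def system_reverse(addr):
    """Name the system resolver returns for addr via PTR, or None."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_interfaces(fqdn, iface_addrs, forward=system_forward, reverse=system_reverse):
    """List (interface, address, finding) wherever DNS disagrees with fqdn."""
    want = fqdn.rstrip(".").lower()
    fwd = forward(want)
    findings = []
    for iface, addr in sorted(iface_addrs.items()):
        ptr = reverse(addr)
        if ptr is None:
            findings.append((iface, addr, "no PTR record"))
        elif ptr.rstrip(".").lower() != want:
            findings.append((iface, addr, "PTR is " + ptr.rstrip(".").lower()))
        elif addr not in fwd:
            findings.append((iface, addr, "forward lookup does not return this address"))
    # Forward records left behind for addresses the host no longer holds (e.g. old DHCP lease).
    for addr in sorted(fwd - set(iface_addrs.values())):
        findings.append(("-", addr, "forward record for an address on no interface"))
    return findings

# Constructed sample data (hypothetical names and addresses, not from the post).
SAMPLE_IFACES = {"eth0": "192.0.2.37", "eth1": "10.10.1.1", "eth2": "10.10.2.1"}
SAMPLE_A = {"labdc.lab.example": {"10.10.1.1"}}
SAMPLE_PTR = {"10.10.1.1": "labdc.lab.example", "192.0.2.37": "dhcp-37.corp.example."}

def demo():
    """Run the check against the constructed records instead of live DNS."""
    return check_interfaces("labdc.lab.example", SAMPLE_IFACES,
                            forward=lambda n: SAMPLE_A.get(n, set()),
                            reverse=SAMPLE_PTR.get)

if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```

Called without the `forward` and `reverse` arguments, `check_interfaces` queries the system resolver, so running it on the multi-homed host and on a client shows whether both see the same names.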



