Author Topic: You cannot reach a Kerberized service without proper DNS settings
authen
member
posts: 36
joined: 08/07/2006
from: San Diego, CA
posted on: 06/01/2009 10:15:54 PM
You cannot reach a Kerberized service without proper DNS settings
While accessing a Kerberized service, e.g. an LDAP operation, the client needs to communicate with the KDC to get the Kerberos ticket for that service (TGS). If the FQDN used in the service principal name (SPN) is not properly set in the DNS server, that service will not be visible from outside and the TGS will fail.

For some clients, like LDP.exe, a failover protocol (NTLM) will be used instead.

For example, for the given service:
SPN:
     ldap/myServer.myDomain.com@MYDOMAIN.COM

The FQDN "myServer.myDomain.com" must be registered in the DNS server as:

DNS: 
    (forward) myServer     --> 10.11.12.13
    (reverse) 10.11.12.13  --> myServer.myDomain.com
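
A check for the forward and reverse records described in the post above, added here as an example and not part of the original post. The function names and the injectable `forward`/`reverse` resolver parameters are assumptions of this example; the sample records are constructed from the post's example values.

```python
import socket

def spn_host(spn):
    """Return the host part of an SPN of the form service/host[:port][@REALM]."""
    principal = spn.split("@", 1)[0]
    _service, sep, rest = principal.partition("/")
    if not sep or not rest:
        raise ValueError("not a service/host SPN: %r" % spn)
    return rest.split("/", 1)[0].split(":", 1)[0]

def system_forward(name):
    """Forward lookup through the system resolver; empty list if it fails."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

def system_reverse(addr):
    """Reverse (PTR) lookup through the system resolver; None if it fails."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_spn_dns(spn, forward=system_forward, reverse=system_reverse):
    """Return a list of DNS problems for the SPN's host; empty means consistent."""
    host = spn_host(spn)
    problems = []
    if "." not in host:
        problems.append("SPN host %r is not fully qualified" % host)
    addrs = forward(host)
    if not addrs:
        problems.append("no forward record for %s" % host)
    for addr in addrs:
        ptr = reverse(addr)
        if ptr is None:
            problems.append("no reverse record for %s" % addr)
        elif ptr.rstrip(".").lower() != host.lower():
            problems.append("reverse of %s is %s, not %s" % (addr, ptr, host))
    return problems

if __name__ == "__main__":
    # Constructed records mirroring the post's example, so this runs offline.
    fwd = {"myserver.mydomain.com": ["10.11.12.13"]}
    rev = {"10.11.12.13": "myServer.myDomain.com"}
    spn = "ldap/myServer.myDomain.com@MYDOMAIN.COM"
    print(check_spn_dns(spn, lambda n: fwd.get(n.lower(), []), rev.get))
```

Calling `check_spn_dns(spn)` with no resolver arguments runs the same comparison against the machine's configured DNS.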

