Hi,

I'm getting further along with my problem, and I think it's coming down to the 
fact that we've got 2 AD domains here.

Right now, I'm having problems using the KrbServiceName directive in .htaccess.

I've had to get two different principals mapped to user accounts and put in the 
keytab (one for each AD domain) using ktpass.exe, and now my machine is getting 
a ticket for the service principal for the webserver (as shown by 
kerbtray.exe).  However, the error log on the webserver is telling me "Wrong 
principal in request".

I've tried adding a KrbServiceName directive, but I consistently get an error 
message that reads "Hostname cannot be canonicalized" if I include the realm, 
or "No principal in keytab matches desired name" if I don't.  What I suspect I 
need is HTTP/[EMAIL PROTECTED] (which is the service principal mapped to the 
user account on the domain.ac.uk AD domain), along with HTTP/[EMAIL PROTECTED] 
(which is the equivalent on the nulcollege.ac.uk AD domain, and also I believe 
is the principal that the server is expecting).  However, when I enter either 
the full HTTP/[EMAIL PROTECTED] I get the first error message, and when I enter 
HTTP/webtest.nulcollege.ac.uk I get the second one.

Can someone tell me where I'm going wrong with this directive?  Any examples 
for entries that actually work?  Would I be better off just mapping a new 
service principal such as www/[EMAIL PROTECTED] on the domain.ac.uk AD domain 
to avoid having two service principals starting with the same string?

Thanks in advance for any advice given.

Martin Goldstone | IT Technician
Newcastle-under-Lyme College, Staffordshire, ST5 2DF
01782 254307 | [EMAIL PROTECTED]


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
