Michael B Allen <[email protected]> wrote: > In general, both the MIT and Heimdal clients are not optimized for a > Windows environment. We have an AD integration product that uses > Heimdal that we made a lot of changes to try to better emulate Windows > behavior.
Please just stop trying to sell folks your product using this list. ----- It sounds like all this guy needs is proper [domain_realm settings] in krb5.conf and possibly a proper [capaths] sections if a realm trust is involved. (Its not clear to me if there is just a single realm or not.) It sounds like AD is configured to do dynamic DNS for A record registration but is not authoritative for PTR registration and this is causing problems b/c AD thinks the name should be in one domain and in reality the PTR is in another. (We have the exact same problem where I work.) I think the solution is to ignore the AD name and use the fqdn that the reverse lookup returns. If you join #kerberos on the Freenode IRC network there are folks there who would be willing to try and help for free and NOT try and sell you some Active Directory integration product. <<CDC ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
