On 08.03.25 at 21:23, Ken Hornstein wrote:
If you are using MIT Kerberos (anything 1.10 or newer) on the
LDAP server, you can use the krb5.conf configuration entry
"ignore_acceptor_hostname" to allow the server to match on any valid
hostname.  See details here:

Hi Ken,

that did it. Thank you. Now we get the ticket through the load balancer.
But OpenLDAP is complaining that the name of the principal does not
match the FQDN. We will now go the way without the load balancer. We
will use SRV records.

Hm, _OpenLDAP_ is complaining?  Are you sure?  Like, how does it even know?
Exactly what error are you getting?

--Ken

KRB5_TRACE=/dev/stdout kinit <principal>
is showing that I connect to the LDAP server, and the LDAP server is responding and sending me a service ticket that I can see with "klist". But then I got an err=49 from the LDAP server. I can see it in the log of the LDAP server.


________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
