The funny thing is that no packages are send to the Kerberos server if I contact the VIP. Contacting the real server immediately initiates some communication with the Kerberos server. I already thought it could be a problem with the loopback interface for the VIP one has to configure on the real servers to make direct routing working. But maybe I am completely wrong. I already checked the Kerberos configuration and the keytab files. For me they look fine.
Do you mean it should in principle work so sso and loadbalancing does not bite each other? Pedro > Von: [email protected] [mailto:lvs-users- > [email protected]] Im Auftrag von Graeme Fowler > Gesendet: Freitag, 5. Februar 2010 13:00 > An: LinuxVirtualServer.org users mailing list. > Betreff: Re: [lvs-users] SSO (single sign on) problem with loadbalancer > > On Fri, 2010-02-05 at 10:23 +0100, Huesser Peter wrote: > > None of this works. Connecting directly to the host sso works fine if > I > > use the first or third keytab file but connecting via loadbalancer > does > > not work. So I have two questions: > > > > - Does somebody has a similar situation which works? > > - If yes: any ideas what could be wrong in my settings? > > It sounds like the load-balanced service isn't aware that it has a > "virtual" hostname. If the tickets with the server hostnames work, but > the one with the virtual hostname as the SPN doesn't, then the > application or server(s) aren't aware of the virtual SPN. > > This is almost certainly a kerberos mapping problem, rather than an LVS > one. > > Graeme > > > _______________________________________________ > Please read the documentation before posting - it's available at: > http://www.linuxvirtualserver.org/ > > LinuxVirtualServer.org mailing list - [email protected] > Send requests to [email protected] > or go to http://lists.graemef.net/mailman/listinfo/lvs-users _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
