On Wednesday 09 May 2007 15:27:00 Trevor Dell wrote:
> I've been working on getting AD working as a login authority in SGD 4.3
> and Solaris 10u3 x86. I believe I'm getting much closer. I finally got
> kerberos configured. Now I can kinit, and can change passwords with
> kpasswd. Also, this a single DC configuration.
>
> Now I'm receiving these errors:
> (hostnames have been edited to protect the innocent)
>
> 2007/05/09 16:01:32.608 (pid 15578) server/ldap/error
> #1178748092608
> Sun Secure Global Desktop Software (4.3) ERROR:
>
> Active Directory service discovery failed: Failed to get IP addresses
> for the peer DNS name
> Looking up Global Catalog DNS name: _gc._tcp.example.com. - HIT
> Looking for GC on server: Active
> Directory:ad01.example.com:/192.168.43.22:3268:Up - HIT
> Checking for CN=Configuration: DC=example,DC=com - MISS
> Checking for CN=Configuration: CN=Configuration,DC=example,DC=com - HIT
> Looking up domain root context: DC=example,DC=com - HIT
> Looking up site context: CN=Sites,CN=Configuration
> Searching for sites: (&(objectClass=site)(siteObjectBL=*)) - HIT
> Looking up addresses for peer DNS: sgd01 - HIT
>
>
> Failed to discover Active Directory Site, Domain and server data.
> This might mean LDAP users cannot log in.
>
> Make sure the DNS server contains the Active Directory service
> records for the forest. Make sure a Global Catalog server is available.
>
> 2007/05/09 16:01:32.615 (pid 15578) server/ldap/error
> #1178748092615
> Sun Secure Global Desktop Software (4.3) ERROR:
>
> LDAP call failed: null
> lookupLink-.../_ldapmulti/forest/("DC=EXAMPLE,DC=COM") 219ms
> javax.naming.NameNotFoundException: Failed to get IP addresses for the
> peer DNS name.
>
> A call to LDAP failed. This might mean LDAP users cannot log in.
>
> Check the operation was correct, the LDAP configuration is valid, and the
> LDAP server is still running.
>
>
>
> Anyone have any ideas, or any tips to get this working, that's not in
> the 3 pages of the 'official' documentation?
>
> - Trev
I don't have an answer for you but I do have a similar problem.
http://www.mail-archive.com/sgd-users%40filibeto.org/msg00221.html
If you are running the MS DNS it is probably not an issue, but look at DNS
resolution for the DC's, along with the _tcp entries that should exist.
I've not heard of any solution but we have managed to "work around" the issue
by using unix auth and setting up ad auth for the entire system. But I would
also be glad to see a SGD solution.
Christian McHugh
Northern Arizona University
_______________________________________________
SGD-Users mailing list
[email protected]
http://node1.filibeto.org/mailman/listinfo/sgd-users
