Fw: [cvsnt] Problem using cvsnt and gssapi
Tony Hoyle
tmh at nodomain.org
Fri Feb 4 14:38:55 GMT 2005
andreas_bergen at delmia.de wrote:
> Well there you are right. It was rather difficult to configure, but after
> quite some time I got it working (on Unix). Why doesn't it work the same
> on Windows?
It does, once you get AD to play ball. On a pure Windows->Windows
connection it even works seamlessly, and Unix->Windows is hard but can
work (I can't work it out at the moment but have had it work in the
past) pretty easy. Unix servers are the pain (I once got one of those
to work by accident and never repeated it).
> Is it possible that there's a problem with the encryption types or
> case-settings of the SPN? I have one single SPN called
> cvs/wodka2deg.deg.ds at DS. Should I have additional like CVS/... or
> CVS/WODKA2DEG or cvs/wodkadeg?
You'll need an SPN for the exact machine name you're using to connect.
(Active directory servers always create two - one for the DNS name and
one for the Netbios name).
I've actually changed the code recently to try a lot harder to work out
the FQDN, but it's still a good idea to have both.
> What exactly does this WinbindWrapper do? Is there some documentation
> about that? How does the Unix-CVSNT-Server verify the credentials? Do I
http://www.samba.org/samba/docs/man/ntlm_auth.1.html
It isn't particularly well documented but there's enough there to make
servers with.
> Why can't I connect directly using gssapi from the Windows-machine as
> there's MIT-kerberos installed, too?
You'd need the MIT version of the gserver protocol, which isn't shipped
by default on Win32.
Tony
More information about the cvsnt
mailing list