=== Step 1: turn off your firewall ===

Make sure any and all firewalls are disabled.

Make sure you can send UDP packets to HCOOP by typing

{{{
traceroute deleuze.hcoop.net
}}}

The last line should say "deleuze.hcoop.net" and have NO ASTERISKS.  If this is not the case, fix your firewall or your network.

=== Step 2: check your krb5.conf ===

Examine your `/etc/krb5.conf` (or, on MacOS, your `/Library/Preferences/edu.mit.Kerberos` file).

Make sure that `dns_lookup_kdc` or `dns_lookup_realm` options are NOT DISABLED.  They should be on-by-default, but just in case your linux distribution packager decided to be retarded and changed that, try adding

{{{
[libdefaults]
  dns_lookup_kdc   = true
  dns_lookup_realm = true
}}}

=== Step 3: make sure your DNS is working ===

Install the `dig` program and type

{{{
dig -t SRV _kerberos._udp.hcoop.net
}}}

You should see `kerberos1.hcoop.net` in the output.

=== Step 4: post to hcoop-discuss ===

Make sure to include:

1. Your entire krb5.conf
2. The output of all the commands in steps 1 and 3.


=== Client side firewall Setting ===

If you are using a firewall you might want to open it for UDP packets to and from deleuze.hcoop.net:88. Lines
for [http://www.netfilter.org/ iptables] saved rules ''might'' look like the following: 

{{{
 [0:0] -A INPUT -s 69.90.123.67 -p udp -m udp --sport 88 --dport 1024:65535 -j ACCEPT
}}}

{{{
 [0:0] -A OUTPUT -d 69.90.123.67 -p udp -m udp --dport 88 --sport 1024:65535 -j ACCEPT
}}}

Put them before any rules that conflicts them (and before 'COMMIT' line in the saved rules file).