
Revision 2 as of 2007-06-05 02:56:34


MemberManual / ShellAccess / TroubleshootingKerberos

1. Step 1: turn off your firewall

Make sure any and all firewalls are disabled.

Make sure you can send UDP packets to HCOOP by typing

traceroute deleuze.hcoop.net

The last line should say "deleuze.hcoop.net" and have NO ASTERISKS. If this is not the case, fix your firewall or your network.

2. Step 2: check your krb5.conf

Examine your /etc/krb5.conf (or, on MacOS, your /Library/Preferences/edu.mit.Kerberos file).

Make sure that the dns_lookup_kdc and dns_lookup_realm options are NOT DISABLED. They should be on by default, but in case your Linux distribution's packager changed that, try adding

[libdefaults]
  dns_lookup_kdc   = true
  dns_lookup_realm = true

3. Step 3: make sure your DNS is working

Install the dig program and type

dig -t SRV _kerberos._udp.hcoop.net

You should see kerberos1.hcoop.net in the output.

4. Step 4: post to hcoop-discuss

Make sure to include:

1. Your entire krb5.conf
2. The output of all the commands in steps 1 and 3.
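The step 2 check can be scripted before you post. The following is an added example, not part of the original page or HCoop's tooling: the function name `check_krb5_dns_lookup` is hypothetical, the list of "false" spellings follows MIT Kerberos boolean parsing, and `include`/`includedir` directives are not followed.

```shell
#!/bin/sh
# Added example: report dns_lookup_kdc / dns_lookup_realm as set in the
# [libdefaults] section of a krb5.conf-style file.
# Prints one "option=value" line per option ("unset" when absent).
# Returns 0 when neither option is explicitly disabled, 1 when one is,
# 2 when the file cannot be read.
check_krb5_dns_lookup() {
    conf=${1:-/etc/krb5.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        # Spellings of "false" accepted by MIT Kerberos boolean parsing.
        function isno(x) { return x ~ /^(false|no|off|0|n|nil)$/ }
        BEGIN { v["dns_lookup_kdc"] = "unset"; v["dns_lookup_realm"] = "unset" }
        { sub(/\r$/, "") }                        # tolerate CRLF files
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[ \t]*\[/ {                             # section header, e.g. [realms]
            s = $0
            sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            section = tolower(s)
            next
        }
        section == "libdefaults" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # A disabling value, once seen, is kept so that a duplicate
            # assignment elsewhere in the section cannot hide it.
            if (key in v && !isno(v[key])) v[key] = tolower(val)
        }
        END {
            printf "dns_lookup_kdc=%s\n", v["dns_lookup_kdc"]
            printf "dns_lookup_realm=%s\n", v["dns_lookup_realm"]
            exit (isno(v["dns_lookup_kdc"]) || isno(v["dns_lookup_realm"]))
        }
    ' "$conf"
}
```

Run it as `check_krb5_dns_lookup /etc/krb5.conf` (or pass the MacOS path from step 2); a return status of 1 means one of the options is explicitly turned off.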

5. Client side firewall Setting

If you are using a firewall, you might want to open it for UDP packets to and from deleuze.hcoop.net:88. Lines in an iptables (http://www.netfilter.org/) saved rules file might look like the following:

 [0:0] -A INPUT -s 69.90.123.67 -p udp -m udp --sport 88 --dport 1024:65535 -j ACCEPT

 [0:0] -A OUTPUT -d 69.90.123.67 -p udp -m udp --dport 88 --sport 1024:65535 -j ACCEPT

Put them before any rules that conflict with them (and before the 'COMMIT' line in the saved rules file).