Date: Sat, 25 Jul 2009 08:30:16 -0400 From: Charles Oppermann <chuckop@gmail.com> To: Matthias Apitz <guru@unixarea.de>, freebsd-questions@freebsd.org Subject: Re: Evolution 2.24.5 && Exchange && can't Subscribe to Other user's Calendar Message-ID: <4A6AFAD8.3000103@gmail.com> In-Reply-To: <20090724171000.GA2427@current.Sisis.de> References: <20090724171000.GA2427@current.Sisis.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 7/24/2009 1:10 PM, Matthias Apitz wrote: > Using the mentioned environment (on FreeBSD 8-CURRENT) I can't Subscribe > to Other user's Calendar in the Exchange server (don't blame me for > this, using Exchange :-)) . It fails with a more or less stupid message > about wrong password. > Exchange is an excellent mail handling system, with lots of benefits, no need to trash it here. It's not a stupid message; it's telling you it can't authenticate you. To tell you explicitly "cannot find credentials servers and services" would be a security hole, because if it could find them and merely told you "bad authentication" you'd know you have a bad password, and could try a different one. > I've watched with TCPDUMP what's happening when I access in the Menue > 'Subscribe to Other user's Calendar': it does a DNS lookup for > kerberos.OCLC.org which is failing (yyy.yyy.yyy.yyy is our DNS server, > xxx.xxx.xxx.xxx is my laptop): > 10:43:53.583797 IP xxx.xxx.xxx.xxx.34455> yyy.yyy.yyy.yyy.53: 43976+ SRV? _kerberos._udp.OCLC.ORG. (41) > 10:43:53.585520 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.34455: 43976 NXDomain 0/1/0 (91) > 10:43:53.586181 IP xxx.xxx.xxx.xxx.51100> yyy.yyy.yyy.yyy.53: 48460+ SRV? _kerberos._tcp.OCLC.ORG. (41) > 10:43:53.587866 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.51100: 48460 NXDomain 0/1/0 (91) > 10:43:53.588479 IP xxx.xxx.xxx.xxx.23102> yyy.yyy.yyy.yyy.53: 46661+ SRV? _kerberos._http.OCLC.ORG. (42) > 10:43:53.590098 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.23102: 46661 NXDomain 0/1/0 (92) > 10:43:53.590505 IP xxx.xxx.xxx.xxx.57028> yyy.yyy.yyy.yyy.53: 45174+ A? kerberos.OCLC.ORG. (35) > 10:43:53.592087 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.57028: 45174 NXDomain 0/1/0 (85) > 10:43:53.592241 IP xxx.xxx.xxx.xxx.54405> yyy.yyy.yyy.yyy.53: 45175+ AAAA? kerberos.OCLC.ORG. (35) > 10:43:53.593850 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.54405: 45175 NXDomain 0/1/0 (85) > > The domain OCLC.ORG is the part of my mail addr, i.e. my addr is<xxxxxxxxx@OCLC.ORG>. > The IT folks of my company gave me the hint that the above nslookup should not > be, for example, '_kerberos._udp.OCLC.ORG', but '_kerberos._udp.oa.OCLC.ORG' > (i.e. in the zone oa.OCLC.ORG) which indead is working with nslookup: > > $ nslookup -type=SRV '_kerberos._udp.oa.OCLC.ORG' > Server: yyy.yyy.yyy.yyy > Address: yyy.yyy.yyy.yyy#53 > > Non-authoritative answer: > _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc5server.oa.oclc.org. > _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc01ewbe.oa.oclc.org. > _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc1server.oa.oclc.org. > _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc2server.oa.oclc.org. > ... > > Why Evo is asking for '_kerberos._udp.OCLC.ORG' and not for '_kerberos._udp.oa.OCLC.ORG' > Active Directory LDAP schemes can be mis-configured and yet still appear to work. Check earlier to see if Evolution or PAM (if you're using PAM), was given oa.oclc.org or just oclc.org. What domain are you in? It's possible that Evolution assumes that SMTP address reflects your domain. If you are in the OA domain, it should not hurt to list your address as xxxx@oa.oclc.org. Mail sent to xxxx@oclc.org will still find you, and you can set the reply-to: header field to xxxx@oclc.org. I have this issue at work, as for testing purposes my email address is currently chuckop@exchange.microsoft.com, but the alias chuckop@microsoft.com works as well. But my email client keeps wanting to send @exchange.microsoft.com which confuses my friends into thinking my email address has changed. Good luck and let us know.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A6AFAD8.3000103>