From owner-freebsd-questions@FreeBSD.ORG Sat Jul 25 12:55:37 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 243321065674 for ; Sat, 25 Jul 2009 12:55:37 +0000 (UTC) (envelope-from chuckop@gmail.com) Received: from mail-gx0-f217.google.com (mail-gx0-f217.google.com [209.85.217.217]) by mx1.freebsd.org (Postfix) with ESMTP id CB9948FC27 for ; Sat, 25 Jul 2009 12:55:36 +0000 (UTC) (envelope-from chuckop@gmail.com) Received: by gxk17 with SMTP id 17so3868113gxk.19 for ; Sat, 25 Jul 2009 05:55:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=uE8ZDqHM3CeXDqxEWrdmZeIBrHZ3A76oK43qYyu38eo=; b=uF8KZMSayf97rdqOAZ4B3xf2gyrsErx3rsAWs9FP0A38dyXQq6NqGfPjTL+vsFT+e5 +02XopLTl/E8V/r4UZunJpDEhwOcddZ09cS4MYBKstDy3z/+QlK91tyAsDeAmLewx3Pm n1YrN9WqiKp9kDih7xcu5EKwxi4h1FgstqBJ4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=lGUi49UME0FRmGvC+ggBKAinzi4kRqVcqX3Zf6/PJ36AlpPjoteERQAaMn8gaix3Yx L0UD9+NRFklr74TS+6ubIfuE2C73fv0vL8CZ2O0jNWlMGWP/TOmUrRf/UDDgd1jImv1m 54RlHBZBeLEC5NsN2+vwtbd5+MQBqHaPVU2ec= Received: by 10.150.205.17 with SMTP id c17mr7348296ybg.26.1248525021123; Sat, 25 Jul 2009 05:30:21 -0700 (PDT) Received: from ?192.168.1.100? (145-115.127-70.tampabay.res.rr.com [70.127.115.145]) by mx.google.com with ESMTPS id 23sm1798001ywh.8.2009.07.25.05.30.20 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 25 Jul 2009 05:30:20 -0700 (PDT) Message-ID: <4A6AFAD8.3000103@gmail.com> Date: Sat, 25 Jul 2009 08:30:16 -0400 From: Charles Oppermann User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090715 Thunderbird/3.0b3 MIME-Version: 1.0 To: Matthias Apitz , freebsd-questions@freebsd.org References: <20090724171000.GA2427@current.Sisis.de> In-Reply-To: <20090724171000.GA2427@current.Sisis.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: Evolution 2.24.5 && Exchange && can't Subscribe to Other user's Calendar X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Jul 2009 12:55:37 -0000 On 7/24/2009 1:10 PM, Matthias Apitz wrote: > Using the mentioned environment (on FreeBSD 8-CURRENT) I can't Subscribe > to Other user's Calendar in the Exchange server (don't blame me for > this, using Exchange :-)) . It fails with a more or less stupid message > about wrong password. > Exchange is an excellent mail handling system, with lots of benefits, no need to trash it here. It's not a stupid message; it's telling you it can't authenticate you. To tell you explicitly "cannot find credentials servers and services" would be a security hole, because if it could find them and merely told you "bad authentication" you'd know you have a bad password, and could try a different one. > I've watched with TCPDUMP what's happening when I access in the Menue > 'Subscribe to Other user's Calendar': it does a DNS lookup for > kerberos.OCLC.org which is failing (yyy.yyy.yyy.yyy is our DNS server, > xxx.xxx.xxx.xxx is my laptop): > 10:43:53.583797 IP xxx.xxx.xxx.xxx.34455> yyy.yyy.yyy.yyy.53: 43976+ SRV? _kerberos._udp.OCLC.ORG. (41) > 10:43:53.585520 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.34455: 43976 NXDomain 0/1/0 (91) > 10:43:53.586181 IP xxx.xxx.xxx.xxx.51100> yyy.yyy.yyy.yyy.53: 48460+ SRV? _kerberos._tcp.OCLC.ORG. (41) > 10:43:53.587866 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.51100: 48460 NXDomain 0/1/0 (91) > 10:43:53.588479 IP xxx.xxx.xxx.xxx.23102> yyy.yyy.yyy.yyy.53: 46661+ SRV? _kerberos._http.OCLC.ORG. (42) > 10:43:53.590098 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.23102: 46661 NXDomain 0/1/0 (92) > 10:43:53.590505 IP xxx.xxx.xxx.xxx.57028> yyy.yyy.yyy.yyy.53: 45174+ A? kerberos.OCLC.ORG. (35) > 10:43:53.592087 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.57028: 45174 NXDomain 0/1/0 (85) > 10:43:53.592241 IP xxx.xxx.xxx.xxx.54405> yyy.yyy.yyy.yyy.53: 45175+ AAAA? kerberos.OCLC.ORG. (35) > 10:43:53.593850 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.54405: 45175 NXDomain 0/1/0 (85) > > The domain OCLC.ORG is the part of my mail addr, i.e. my addr is. > The IT folks of my company gave me the hint that the above nslookup should not > be, for example, '_kerberos._udp.OCLC.ORG', but '_kerberos._udp.oa.OCLC.ORG' > (i.e. in the zone oa.OCLC.ORG) which indead is working with nslookup: > > $ nslookup -type=SRV '_kerberos._udp.oa.OCLC.ORG' > Server: yyy.yyy.yyy.yyy > Address: yyy.yyy.yyy.yyy#53 > > Non-authoritative answer: > _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc5server.oa.oclc.org. > _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc01ewbe.oa.oclc.org. > _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc1server.oa.oclc.org. > _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc2server.oa.oclc.org. > ... > > Why Evo is asking for '_kerberos._udp.OCLC.ORG' and not for '_kerberos._udp.oa.OCLC.ORG' > Active Directory LDAP schemes can be mis-configured and yet still appear to work. Check earlier to see if Evolution or PAM (if you're using PAM), was given oa.oclc.org or just oclc.org. What domain are you in? It's possible that Evolution assumes that SMTP address reflects your domain. If you are in the OA domain, it should not hurt to list your address as xxxx@oa.oclc.org. Mail sent to xxxx@oclc.org will still find you, and you can set the reply-to: header field to xxxx@oclc.org. I have this issue at work, as for testing purposes my email address is currently chuckop@exchange.microsoft.com, but the alias chuckop@microsoft.com works as well. But my email client keeps wanting to send @exchange.microsoft.com which confuses my friends into thinking my email address has changed. Good luck and let us know.