Evolution 2.24.5 && Exchange && can't Subscribe to Other user's Calendar

Charles Oppermann chuckop at gmail.com
Sat Jul 25 12:55:37 UTC 2009

On 7/24/2009 1:10 PM, Matthias Apitz wrote:
> Using the mentioned environment (on FreeBSD 8-CURRENT) I can't Subscribe
> to Other user's Calendar in the Exchange server (don't blame me for
> this, using Exchange :-)) . It fails with a more or less stupid message
> about wrong password.
Exchange is an excellent mail handling system, with lots of benefits, no 
need to trash it here.

It's not a stupid message; it's telling you it can't authenticate you.  
To tell you explicitly "cannot find credentials servers and services" 
would be a security hole, because if it could find them and merely told 
you "bad authentication" you'd know you have a bad password, and could 
try a different one.
> I've watched with TCPDUMP what's happening when I access in the Menue
> 'Subscribe to Other user's Calendar': it does a DNS lookup for
> kerberos.OCLC.org which is failing (yyy.yyy.yyy.yyy is our DNS server,
> xxx.xxx.xxx.xxx is my laptop):
> 10:43:53.583797 IP xxx.xxx.xxx.xxx.34455>  yyy.yyy.yyy.yyy.53: 43976+ SRV?  _kerberos._udp.OCLC.ORG. (41)
> 10:43:53.585520 IP yyy.yyy.yyy.yyy.53>  xxx.xxx.xxx.xxx.34455: 43976 NXDomain 0/1/0 (91)
> 10:43:53.586181 IP xxx.xxx.xxx.xxx.51100>  yyy.yyy.yyy.yyy.53: 48460+ SRV?  _kerberos._tcp.OCLC.ORG. (41)
> 10:43:53.587866 IP yyy.yyy.yyy.yyy.53>  xxx.xxx.xxx.xxx.51100: 48460 NXDomain 0/1/0 (91)
> 10:43:53.588479 IP xxx.xxx.xxx.xxx.23102>  yyy.yyy.yyy.yyy.53: 46661+ SRV?  _kerberos._http.OCLC.ORG. (42)
> 10:43:53.590098 IP yyy.yyy.yyy.yyy.53>  xxx.xxx.xxx.xxx.23102: 46661 NXDomain 0/1/0 (92)
> 10:43:53.590505 IP xxx.xxx.xxx.xxx.57028>  yyy.yyy.yyy.yyy.53: 45174+ A?  kerberos.OCLC.ORG. (35)
> 10:43:53.592087 IP yyy.yyy.yyy.yyy.53>  xxx.xxx.xxx.xxx.57028: 45174 NXDomain 0/1/0 (85)
> 10:43:53.592241 IP xxx.xxx.xxx.xxx.54405>  yyy.yyy.yyy.yyy.53: 45175+ AAAA?  kerberos.OCLC.ORG. (35)
> 10:43:53.593850 IP yyy.yyy.yyy.yyy.53>  xxx.xxx.xxx.xxx.54405: 45175 NXDomain 0/1/0 (85)
> The domain OCLC.ORG is the part of my mail addr, i.e. my addr is<xxxxxxxxx at OCLC.ORG>.
> The IT folks of my company gave me the hint that the above nslookup should not
> be, for example, '_kerberos._udp.OCLC.ORG', but '_kerberos._udp.oa.OCLC.ORG'
> (i.e. in the zone oa.OCLC.ORG) which indead is working with nslookup:
> $ nslookup -type=SRV '_kerberos._udp.oa.OCLC.ORG'
> Server:         yyy.yyy.yyy.yyy
> Address:        yyy.yyy.yyy.yyy#53
> Non-authoritative answer:
> _kerberos._udp.oa.OCLC.ORG      service = 0 100 88 oadc5server.oa.oclc.org.
> _kerberos._udp.oa.OCLC.ORG      service = 0 100 88 oadc01ewbe.oa.oclc.org.
> _kerberos._udp.oa.OCLC.ORG      service = 0 100 88 oadc1server.oa.oclc.org.
> _kerberos._udp.oa.OCLC.ORG      service = 0 100 88 oadc2server.oa.oclc.org.
> ...
> Why Evo is asking for '_kerberos._udp.OCLC.ORG' and not for '_kerberos._udp.oa.OCLC.ORG'
Active Directory LDAP schemes can be mis-configured and yet still appear 
to work.  Check earlier to see if Evolution or PAM (if you're using 
PAM), was given oa.oclc.org or just oclc.org.

What domain are you in?  It's possible that Evolution assumes that SMTP 
address reflects your domain.  If you are in the OA domain, it should 
not hurt to list your address as xxxx at oa.oclc.org.  Mail sent to 
xxxx at oclc.org will still find you, and you can set the reply-to: header 
field to xxxx at oclc.org.

I have this issue at work, as for testing purposes my email address is 
currently chuckop at exchange.microsoft.com, but the alias 
chuckop at microsoft.com works as well.  But my email client keeps wanting 
to send @exchange.microsoft.com which confuses my friends into thinking 
my email address has changed.

Good luck and let us know.

More information about the freebsd-questions mailing list