Evolution 2.24.5 && Exchange && can't Subscribe to Other user's
chuckop at gmail.com
Sat Jul 25 12:55:37 UTC 2009
On 7/24/2009 1:10 PM, Matthias Apitz wrote:
> Using the mentioned environment (on FreeBSD 8-CURRENT) I can't Subscribe
> to Other user's Calendar in the Exchange server (don't blame me for
> this, using Exchange :-)) . It fails with a more or less stupid message
> about wrong password.
Exchange is an excellent mail handling system, with lots of benefits, no
need to trash it here.
It's not a stupid message; it's telling you it can't authenticate you.
To tell you explicitly "cannot find credentials servers and services"
would be a security hole, because if it could find them and merely told
you "bad authentication" you'd know you have a bad password, and could
try a different one.
> I've watched with TCPDUMP what's happening when I access in the Menue
> 'Subscribe to Other user's Calendar': it does a DNS lookup for
> kerberos.OCLC.org which is failing (yyy.yyy.yyy.yyy is our DNS server,
> xxx.xxx.xxx.xxx is my laptop):
> 10:43:53.583797 IP xxx.xxx.xxx.xxx.34455> yyy.yyy.yyy.yyy.53: 43976+ SRV? _kerberos._udp.OCLC.ORG. (41)
> 10:43:53.585520 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.34455: 43976 NXDomain 0/1/0 (91)
> 10:43:53.586181 IP xxx.xxx.xxx.xxx.51100> yyy.yyy.yyy.yyy.53: 48460+ SRV? _kerberos._tcp.OCLC.ORG. (41)
> 10:43:53.587866 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.51100: 48460 NXDomain 0/1/0 (91)
> 10:43:53.588479 IP xxx.xxx.xxx.xxx.23102> yyy.yyy.yyy.yyy.53: 46661+ SRV? _kerberos._http.OCLC.ORG. (42)
> 10:43:53.590098 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.23102: 46661 NXDomain 0/1/0 (92)
> 10:43:53.590505 IP xxx.xxx.xxx.xxx.57028> yyy.yyy.yyy.yyy.53: 45174+ A? kerberos.OCLC.ORG. (35)
> 10:43:53.592087 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.57028: 45174 NXDomain 0/1/0 (85)
> 10:43:53.592241 IP xxx.xxx.xxx.xxx.54405> yyy.yyy.yyy.yyy.53: 45175+ AAAA? kerberos.OCLC.ORG. (35)
> 10:43:53.593850 IP yyy.yyy.yyy.yyy.53> xxx.xxx.xxx.xxx.54405: 45175 NXDomain 0/1/0 (85)
> The domain OCLC.ORG is the part of my mail addr, i.e. my addr is<xxxxxxxxx at OCLC.ORG>.
> The IT folks of my company gave me the hint that the above nslookup should not
> be, for example, '_kerberos._udp.OCLC.ORG', but '_kerberos._udp.oa.OCLC.ORG'
> (i.e. in the zone oa.OCLC.ORG) which indead is working with nslookup:
> $ nslookup -type=SRV '_kerberos._udp.oa.OCLC.ORG'
> Server: yyy.yyy.yyy.yyy
> Address: yyy.yyy.yyy.yyy#53
> Non-authoritative answer:
> _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc5server.oa.oclc.org.
> _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc01ewbe.oa.oclc.org.
> _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc1server.oa.oclc.org.
> _kerberos._udp.oa.OCLC.ORG service = 0 100 88 oadc2server.oa.oclc.org.
> Why Evo is asking for '_kerberos._udp.OCLC.ORG' and not for '_kerberos._udp.oa.OCLC.ORG'
Active Directory LDAP schemes can be mis-configured and yet still appear
to work. Check earlier to see if Evolution or PAM (if you're using
PAM), was given oa.oclc.org or just oclc.org.
What domain are you in? It's possible that Evolution assumes that SMTP
address reflects your domain. If you are in the OA domain, it should
not hurt to list your address as xxxx at oa.oclc.org. Mail sent to
xxxx at oclc.org will still find you, and you can set the reply-to: header
field to xxxx at oclc.org.
I have this issue at work, as for testing purposes my email address is
currently chuckop at exchange.microsoft.com, but the alias
chuckop at microsoft.com works as well. But my email client keeps wanting
to send @exchange.microsoft.com which confuses my friends into thinking
my email address has changed.
Good luck and let us know.
More information about the freebsd-questions