[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Squeeze Debian-Edu is working more and more.



[Andreas Schockenhoff]
> I run into this problem.  
> 
> ldapvi --host ldap -ZZ --bind simple --tls allow -D
> 'cn=super-admin,ou=People,dc=skole,dc=skolelinux,dc=no' 
> ldap_start_tls_s: Connect error (-11)
> additional info: TLS: hostname does not match CN in peer certificate

You need to use FQDN, ie ldap.intern as the --host parameter to avoid
this.

> The netgroup is a solution that based on IPs so it is not really
> secure.  Now we have Kerberos running is there an other solution? So
> may be we do not need the netgroups.

Netgroups are used for NFS exports, network filtering and
shutdown-at-night features.  Not all of these can be repaced by
kerberos.

Happy hacking,
-- 
Petter Reinholdtsen


Reply to: