Hi Andreas,

If you are using an old (really old) client you will get this problem as 
it doesn't send its hostname. The sss preferentially checks for a hostname 
match but if one does not get sent (as is the case in old clients) it 
checks the IP address. So, we need to reconcile which versions are being 
used.

Andy

P.S. Does the client actually have a hostname?

On Tue, 14 Oct 2014, apeters1971 wrote:

> We have the following problem that 'sss' authentication behind a NAT does not work.
>
> As expected the symptom is a name/ip mismatch:
> ```
> 141014 11:53:19 17643 root.4168:21@asa-uefke-grid-01 XrootdProtocol: 0100 req=3000 dlen=151
> sec_PM: Using sss protocol, args='0.13:/etc/sss.keytab'
> 141014 11:53:19 17643 XrootdXeq: User authentication failed; IP address mismatch.
> 141014 11:53:19 17643 root.4168:21@asa-uefke-grid-01 XrootdResponse: 0100 sending err 3010: IP address mismatch.
> ```
> Was this case foreseen in the 'sss' authentication model?
>
>
>
> ---
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/issues/147

---
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/147#issuecomment-59089434
