[CalendarServer-dev] calendarserver on linux via NssDirectory
Guido Günther
agx at sigxcpu.org
Thu Mar 5 00:28:40 PST 2009
Hi Marco,
On Mon, Mar 02, 2009 at 12:50:43PM +0100, Marco Ghidinelli wrote:
> On 02/26/2009 04:08 PM, Guido Günther wrote:
>
> sorry for the delay.
>
>> On Mon, Feb 23, 2009 at 03:58:33PM +0100, Marco Ghidinelli wrote:
>>> hello,
>>>
>>> i've successfully tried calendarserver with accounts.xml users, and now
>>> i'm trying to integrate it with my activedirectory domain.
>> To use nss you need a patch that is not in mainline. Did you apply that
>> one?
>
> i'm using the debian package, which i think already integrates those
> patches.
>
> calendarserver 1.2.dfsg-8
Yes, it's all in there.
>
>>> getent passwd shows all users account correcly (i use the winbind nss
>>> "plugin") and the kerberos authentication (from the kinit commandline)
>>> works.
>> Did you set network.negotiate-auth.trusted-uris in firefox?
>
> yes, on iceweasel(firefox) and on iceowl(sunbird).
>
> network.negotiate-auth.trusted-uris: http://
>
> the machine is a clean debian 5.0.
And you have enabled kerberos in /etc/caldavd/caldavd.plist:
<!-- Kerberos/SPNEGO -->
<key>Kerberos</key>
<dict>
<key>Enabled</key>
<true/>
<key>ServicePrincipal</key>
<string>HTTP/server.example.com at EXAMPLE.COM</string>
</dict>
Does the user have a valid HTTP/... ticket after trying to authenticate
in its keytab? Besides that I'm a bit out of ideas.
-- Guido
More information about the calendarserver-dev
mailing list