
2006-07-09

Kerberos Login Failed

Kerberos Login Failed:
The specified realm is not in your configuration file or does not exist

Why do I get this error message, and how can I fix the problem?

The realm is intentionally not in my configuration file. I've selected "Configure additional realms automatically using DNS" in the Settings pane of the Edit Realms dialog summoned from the Kerberos Edit menu.

Of course the realm exists. This should work; Kerberos just can't find the realm because DNS is broken. Autoconfiguration relies on DNS TXT records [RFC 1035]. Some DNS servers that are not RFC compliant (in particular the one shipped with my SpeedTouch Alcatel 510 modem; I have an old 510v3, and the problem occurs with both LEFTAA3.721 and LEFTAA3.716 firmware) can't resolve the TXT record query.

A solution is to provide explicitly the IP address of a competent DNS server (such as the one your ISP provides) in the TCP/IP pane of Network preferences. Once this is done, autoconfiguration works fine.
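An added diagnostic, not part of the original post: it builds the TXT query that realm autoconfiguration depends on and parses the reply, so `ask()` can be pointed first at the modem's resolver and then at the ISP's to compare the answers. The `_kerberos.<domain>` name is the MIT Kerberos convention and is assumed here; `example.com`, `EXAMPLE.COM` and the replies from `sample_response` are constructed.

```python
import socket
import struct

TXT, IN = 16, 1  # DNS record type TXT, class IN (RFC 1035)
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_txt_query(domain, txid=0x4B52):
    """TXT query for _kerberos.<domain> (assumed MIT convention), recursion desired."""
    labels = ("_kerberos." + domain).rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", TXT, IN)

def _skip_name(msg, off):
    """Offset just past a domain name that may end in a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_txt_response(msg):
    """Return (rcode name, list of TXT strings) from a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    texts = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == TXT:
            i, parts = 0, []
            while i < len(rdata):  # rdata is a run of <length><bytes> strings
                parts.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            texts.append(b"".join(parts).decode("ascii", "replace"))
    return RCODES.get(flags & 0xF, str(flags & 0xF)), texts

def ask(server, domain, timeout=3.0):
    """Send the query to one resolver over UDP and parse its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_txt_query(domain), (server, 53))
        return parse_txt_response(s.recvfrom(4096)[0])

def sample_response(query, rcode=0, txt=None):  # constructed reply, not captured traffic
    rdata = bytes([len(txt)]) + txt.encode("ascii") if txt else b""
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TXT, IN, 300, len(rdata)) + rdata if txt else b""
    header = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, 1 if txt else 0, 0, 0)
    return header + query[12:] + answer
```

A resolver that returns an error code, an empty answer or nothing at all (a `socket.timeout` from `ask()`) while another resolver returns the realm string is the failure described above.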

2006-07-02

Airport WDS daisy-chain

Update: see also Airport Extreme WDS daisy-chain

WDS stands for Wireless Distribution System.

WDS lets you link together a number of airport base stations (access points) to extend the coverage of your wireless network. Remote base stations connect via relay base stations back to a main base station that is connected to the internet.

I have a network with a router connected to six access points (3 Airport Extreme, 3 Airport Express) connected wirelessly to span across three floors in three adjacent houses.


           relay1 - relay2 - relay3
           /                     \         
router = main                  remote1
           \      
           remote2

The connection between router and main base station is a wire (ethernet cable in my case, but could be USB); the other connections are wireless. You have to configure each access point correctly to make this work. Each base station will eventually be configured with the ID of the base station which links it back to the root and the IDs of the base stations it serves.

Setting this up is a pain, since if something gets messed up you may have to reconfigure each and every access point from scratch. Here's how to get it right the first time.

The basic idea is to view the network as a tree, and to build the network step-by-step from the router (the root of the tree) to the remote base stations (the leaves of the tree). We first set up the root (main base station), then add leaves (remote base stations) directly connected to the root, then extend the tree by converting these leaves to branches (relay base stations) and adding new leaves.

Should you later want to change the channel your network uses, you can do this without rebuilding the entire configuration, by changing the channel used by the leaves first, and then working your way back up the tree until finally you change the channel used by the root. You can do this using the wireless connectivity - but until you finish, the base stations you have already changed will be inaccessible.
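The two orderings described above, worked through for the network in the diagram (an added example, not part of the original post). The `wds_plan` function and its field names are illustrative; the station names are the diagram's labels.

```python
from collections import deque

# Topology from the diagram: station -> the station that links it back to the root.
UPLINK = {"relay1": "main", "relay2": "relay1", "relay3": "relay2",
          "remote1": "relay3", "remote2": "main"}

def wds_plan(uplink, root="main"):
    """Return (per-station WDS settings, build order, channel-change order).

    Field names are illustrative, not Airport Admin Utility identifiers.
    """
    if root in uplink:
        raise ValueError("the root is wired to the router and has no WDS host")
    clients = {root: []}
    for child, parent in uplink.items():
        clients.setdefault(parent, []).append(child)
        clients.setdefault(child, [])
    # Breadth-first from the root: every station appears after its WDS host.
    build, queue = [], deque([root])
    while queue:
        station = queue.popleft()
        build.append(station)
        queue.extend(clients[station])
    if set(build) != set(clients):
        raise ValueError("some stations are not chained back to the root")
    config = {}
    for s in build:
        role = "main" if s == root else "relay" if clients[s] else "remote"
        config[s] = {"role": role, "wds_host": uplink.get(s), "clients": clients[s]}
    # Reversed, every station appears before its host: leaves first, root last.
    return config, build, build[::-1]

if __name__ == "__main__":
    config, build, rechannel = wds_plan(UPLINK)
    for name in build:
        print(name, config[name])
    print("change channel in this order:", rechannel)
```

Any order that configures a station after its WDS host works for building; breadth-first is one such order.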

Plan First

How do you connect to the internet?
I have an ADSL router (Speedtouch 150) set up as a DHCP server. Each client machine uses DHCP to connect; each access point acts as a bridge (uncheck "Distribute IP addresses" in the Network pane).
Where will the base stations be sited?
The main base station is wired to the router. Each access point must be linked back to the main base station by a single "daisy chain" of wireless hops. Choose your locations and plan your links so that the wireless signal can easily make each hop.
Each access point can also link to wireless clients. Make sure that together they provide the coverage you need.
What wireless service will your network provide?
  • 802.11b/802.11g? You can mix and match here. I have the main AP providing 11b+11g to support a legacy machine with an 802.11b airport card, and the rest on pure 11g.
  • Which channel will you use? All your access points must use the same channel. Sniff out what your neighbours are doing and try to leave two channels clear between you and them. iStumbler is the tool I use; also get the Spectrum widget from the same place.
  • What security do you need? The security setup (WEP/WPA + number of bits + password) must be the same for every AP.
What is the name of your wireless network?
You will also need to choose a name for each access point.

Prepare (base step, setting up the root)

Make sure you have the latest Software Updates installed - preferably on a laptop. Equip yourself with a spare ethernet cable. Label each access point with its name and airport ID (use a PostIt note). Keep a list of the names and airport IDs, and draw a diagram showing how you plan to connect your network.

Connect your main base station to your ADSL router or cable modem, and power it on. Launch Airport Admin Utility and configure this base station.

Airport tab
Set the base station name, network name, channel, mode and security.
Internet tab
Connect using Ethernet; Configure using DHCP. I use the base station name as DHCP client ID.
Network tab
If your router acts as DHCP server, uncheck "Distribute IP addresses".
WDS tab
For the time being, leave "Enable this base station as a WDS" unchecked.
Update

Make sure you can connect to your ISP using DHCP.

Set up WDS main base station (creating the first leaves)

Choose a base station that will be connected directly to the root base station. Connect this to your laptop using ethernet. Make sure that both the root base station and this new leaf are visible in Airport Admin Utility. Select the root base station and click "Configure".

WDS tab
Check "Enable this base station as a WDS main base station".
Click (+) and add the new base station as a WDS remote base station (client).
Update
Let the Admin Utility configure the remote base station automatically.

You should now be able to unplug the ethernet connection and see both base stations in Airport Admin Utility via wireless alone.

If you look at the Internet configuration of your newly remote base station, you will see that it is set up to connect using Airport (WDS), using the main base station as WDS host.

To add more links at this level, attach further base stations by ethernet, configure the main base station, and add the new base station as a remote client, just as in the final steps above.

Set up WDS relay base stations (creating the first branches)

We now convert leaves to branches and add new leaves.

Choose a base station that will become the new leaf. Connect this to your laptop using ethernet. Make sure that both the old leaf you want to change into a branch and this new leaf are visible in Airport Admin Utility. Select the old leaf and click "Configure".

WDS tab
Under "Enable this base station as a WDS" select "relay base station".
Click (+) and add the new base station as a WDS remote base station (client).
Update
Let the Admin Utility configure the remote base station automatically.

If you look at the Internet configuration of your newly remote base station, you will see that it is set up to connect using Airport (WDS), using the relay base station as WDS host. This works.
Ignore the instruction, "The MAC address entered above should be the MAC address of the primary WDS base station, that is the base station connected to the internet."

Again, you can add more leaves to an existing branch by adding new clients to the relay base station.
