|
Even with a clean Kerberos software installation, it is still possible to
run into problems when trying to access Kerberos-controlled network services.
The tips provided below may help with some of the more common problems.
If the problem you are having isn't covered here, contact the Computing Help
Desk at 646-2999 and select from the options provided, send electronic mail to
help@Dartmouth.edu, or contact your department's
computing support office. It is always possible there is a problem with
your computer's system software.
SideCar Is Not Installed
If you have already gone through the testing process and have installed a
clean copy of the Kerberos software, but you are still getting an error message
telling you SideCar is not installed, there are three possible reasons. They
all prevent Kerberos from being able to contact your computer across the
network and to obtain a ticket, even if you can see your name in the floating
ticket window. They are:
- You are on an off-campus network that employs a Network
Firewall. These devices (either hardware or software) block network
traffic to uncommon programs like SideCar.
- You are dialed into an Internet Service Provider, like AOL, that uses a
Network Address Translation system that provides your computer
with a fake Internet address. This fake address prevents the
Dartmouth network server from contacting SideCar on your computer.
- You are using a browser that is configured to connect through a
Proxy Server. The Proxy Server makes all browser requests on
your behalf, so the Dartmouth network server thinks the Proxy Server is running
SideCar because it never sees your computer's Internet address.
With each of these, you may not be able to fix the problem. If that is the
case, we recommend using VPN Client software (
Mac OS X, Windows),
which is an application that creates a secure network connection between your
computer and the Dartmouth network. Start the VPN Client software on your
computer, then obtain a Kerberos ticket.
If you don't have the VPN Client software on your computer, call the
Computing Help Desk at 646-2999 and select from the options provided, send
electronic mail to help@dartmouth.edu,
or call your department's
computing support office. Downloading the software and accessing the
instructions for installing and configuring the software require you to be able
to authenticate.
Alternatively, you can dial into Dartmouth directly (possibly a long
distance call; see the Connecting
from Off Campus Web page), or come to the Dartmouth campus.
Connecting by VPN, dialing in, or coming to the Dartmouth campus are the
only ways we can ensure you are on a network that will permit you access to
Kerberos-controlled network services.
Good Connection, But Still Receiving an Error Message
Because of some quirks in browser programs, it is possible you are able to
successfully test your Kerberos installation, but still get an error page when
you try to access a Kerberos-controlled Web site. If this occurs, it is likely
your browser program (Internet Explorer, Safari,
Firefox, etc.) has stored the error page in its memory cache. Since
the browser program thinks you have already visited that page, you get an error
instead of the correct page.
The solution is to empty the cache. With most browsers, the process requires
going to the Preferences or Internet Options
and selecting the Clear or Empty Cache
option.
Computer Clock Is Out of Sync
If you get a "Time is out of bounds" error message, it usually means your
computer's system clock is out of sync with the clock on the Kerberos ticket
server. It is possible your computer has been set to an incorrect time zone, or
your computer's clock is more than 10-15 minutes off from the Kerberos server's
clock. The easiest way to fix this is to set the
KClient/SideCar option for synchronizing your computer's clock
with the Kerberos server clock.
For Mac OS X users, select System Preferences from the
Apple menu, then Date & Time. Click the
Set date & time automatically field and enter
nts.dartmouth.edu in the field.
For Windows users, right-click on the Padlock
(Kerberos) icon in your system tray and select the Synchronize
Clock option. Try to access a Kerberos-controlled Web site again. If
you still get a "Time is out of bounds" error message, you computer's clock may
be set to a time zone other than the Eastern time zone. Double-click the
Clock icon in your system tray, select the Time
Zone tab and make sure it's set to Eastern Time (US &
Canada) if you are in the eastern time zone. If you are in a different
time zone, make sure the time is set to the correct time zone for where
you are currently located and for which your computer's clock is set.
Additional Kerberos errors are detailed on the error messages pages of the
Macintosh and
Windows software sections on this Web site.
Incorrect Kerberos Realm
The Kerberos software we use at Dartmouth allows for one individual to check
out a ticket from multiple Realms. The possible realms
are:
- Dartmouth.edu: Dartmouth College students, faculty, and
staff.
- Hitchcock.org: DHMC staff and DMS faculty members.
- Dartmouth.org: Dartmouth alumni/ae.
If your Dartmouth affiliation is such that you are a member of more than one
realm (for example, a DMS faculty member could be a member of dartmouth.edu and
hitchcock.org), it is possible you are signing out a ticket from the wrong
realm to access the Kerberos-controlled network service. Try closing your
ticket and selecting a different realm from the pop-up menu when you are asked
to sign out a new ticket.
|
