[37172] in Kerberos

Cannot authenticate with client keytab and AES128/256 against

daemon@ATHENA.MIT.EDU (Osipov, Michael)
Wed Jul 29 07:43:42 2015

From: "Osipov, Michael" <michael.osipov@siemens.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Wed, 29 Jul 2015 11:43:19 +0000
Message-ID: <68644224DA0DE64CA5A49838ED219A0425A98A1E@DEFTHW99EJ5MSX.ww902.siemens.net>

Hi,

I have created a client keytab with ktutil:

add_entry -password -p osipovmi@COMAPNY.NET -k 1 -e aes256-cts-hmac-sha1-96
add_entry -password -p osipovmi@COMAPNY.NET -k 1 -e aes128-cts-hmac-sha1-96
add_entry -password -p osipovmi@COMAPNY.NET -k 1 -e arcfour-hmac

Then I tried to obtain a TGT with 'kinit -k -i', but all I get is:
kinit: Invalid argument while getting initial credentials

Turning on KRB5_TRACE and Wireshark, I see that the server is rejecting
both AES ciphers from my client.

If I reduce the keytab down to arcfour-hmac, all works fine.

I am on FreeBSD 9.x, MIT Kerberos 1.13.2 from the ports system and multiple
Windows Server 2008 R2.

How can I locate this issue? Any advice? KRB5_TRACE and pcap file can
be provided privately.

Regards,

Michael Osipov

PS: I triple-checked the password, so the issue is not with that.


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
