[30395] in Kerberos
Putty + GSSAPI from W2k3 terminal server to linux openssh daemon
daemon@ATHENA.MIT.EDU (Jonathan Barber)
Fri Oct 31 06:02:21 2008
Date: Fri, 31 Oct 2008 10:00:53 +0000
From: Jonathan Barber <j.barber@dundee.ac.uk>
To: kerberos@mit.edu
Message-ID: <20081031095755.GA23664@flea.lifesci.dundee.ac.uk>
Mime-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
We're recently introduced kerberos to our unix infrastructure and have
it working for ssh'ing from and to unix hosts, so are now trying to
configuring Windows as an ssh client.
Our first Windows client is a 2003 terminal server joined to a NT4 style
domain (provided by samba).
We've been following the instructions from here:
http://glast-ground.slac.stanford.edu/workbook/pages/getting_connected/ssh_forwindows.htm
And have successfully installed and configured NetIDMgr 1.3.1.0 and can
authenticate against our KDC as our principals and get tickets with
NetIDMgr.
After downloading putty from here:
http://web.mit.edu/jaltman/Public/putty-0.59-with-gssapi.zip
and copying the dll's from the MIT NetIDMgr install to
C:\Windows\system32, we get the following message from putty when we try
to connect to a kerberised ssh server:
Event Log: GSSAPI error: Unspecified GSS failure. Minor code may provide more information
Event Log: GSSAPI mech specific error: Cannot resolve network address for KDC in requested realm
The same ssh server works fine from a linux client with the same
principal.
AFAIK DNS is correctly configured for the terminal server, can anyone
shed any light on what might be going on?
Regards.
--
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
