[19376] in Kerberos
Re: krb5 "Error Code 52" - UDP packet size - TCP fallback
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Fri Jun 6 16:15:46 2003
To: Uli <uli.schroeder@gmx.net>
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Fri, 06 Jun 2003 16:11:15 -0400
In-Reply-To: <MPG.194afabe12cf38f3989680@news.t-online.de> (Uli's message of
"Fri, 6 Jun 2003 20:24:42 +0200")
Message-ID: <tx1wufzt198.fsf@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu
> When I run kinit for my testuser it works fine. The testuser ist just a
> member of the domain with read access to the directory. No other groups
> or permissions. When I try to do a kinit for my own account with all its
> group memberships, etc., I just get the error code 52. I read on the
> internet that this is because the Windows 2000 server switches from UDP
> to TCP if the maximum packet size is exceeded. I think this happens with
> all my "normal" users.
Yep, client-side TCP support wasn't in that release. The upcoming
release from MIT will include it.
> It seems like a lot of people managed to authenticate against AD.
> Maybesomeone can help me with this problem and tell me how he solved it.
Do you define a very large number of groups for access control that
lots of people are in? That's how we set my account up to fail in the
UDP-only case, for testing purposes...
Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
