[19377] in Kerberos
RE: krb5 "Error Code 52" - UDP packet size - TCP fallback
daemon@ATHENA.MIT.EDU (Uli Schröder)
Fri Jun 6 17:51:47 2003
From: Uli Schröder <uli.schroeder@gmx.net>
To: "'Ken Raeburn'" <raeburn@mit.edu>
Date: Fri, 6 Jun 2003 23:51:19 +0200
Message-ID: <000401c32c75$c6bc97b0$01c7a8c0@merkur>
In-Reply-To: <tx1wufzt198.fsf@mit.edu>
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
Hi Ken!
> > When I run kinit for my testuser it works fine. The testuser is just a
> > member of the domain with read access to the directory. No other groups
> > or permissions. When I try to do a kinit for my own account with all its
> > group memberships, etc., I just get the error code 52. I read on the
> > internet that this is because the Windows 2000 server switches from UDP
> > to TCP if the maximum packet size is exceeded. I think this happens with
> > all my "normal" users.
>
> Yep, client-side TCP support wasn't in that release. The upcoming
> release from MIT will include it.
Is that already included in the snapshot or 1.3-beta versions on the
internet? Did MIT announce an estimated time for a release?
> > It seems like a lot of people managed to authenticate against AD.
> > Maybe someone can help me with this problem and tell me how he solved it.
>
> Do you define a very large number of groups for access control that lots
> of people are in? That's how we set my account up to fail in the UDP-only
> case, for testing purposes...
I didn't have the time to experiment with different conditions. I just
used a very simple test account and my own account to check the
functionality. Yet still I am indeed in different groups that lots of
other people are in as well.
Kind regards,
Uli
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
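
The fallback discussed in this thread, as an added example that is not part of the original message and is not MIT krb5 code: a client reads the KRB-ERROR returned over UDP, and when its error-code is 52 (KRB_ERR_RESPONSE_TOO_BIG in RFC 4120) it resends the same request over TCP with a 4-byte length prefix. The function names, the short-form DER builder and the sample reply (realm EXAMPLE.COM) are constructed for illustration.

```python
import struct

KRB_ERR_RESPONSE_TOO_BIG = 52  # the "error code 52" in this thread (RFC 4120)
KRB_ERROR_TAG = 0x7E           # [APPLICATION 30], constructed

def read_tlv(buf, pos=0):      # returns (tag, value, next_pos) for one DER element
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def krb_error_code(reply):     # error-code of a KRB-ERROR, None for other messages
    tag, body, _ = read_tlv(reply)
    if tag != KRB_ERROR_TAG:
        return None
    _, seq, _ = read_tlv(body)               # the SEQUENCE inside the APPLICATION tag
    pos = 0
    while pos < len(seq):
        tag, field, pos = read_tlv(seq, pos)
        if tag == 0xA6:                      # error-code [6] Int32
            _, value, _ = read_tlv(field)
            return int.from_bytes(value, "big", signed=True)
    raise ValueError("KRB-ERROR without error-code field")

def must_retry_over_tcp(udp_reply):
    return krb_error_code(udp_reply) == KRB_ERR_RESPONSE_TOO_BIG

def tcp_frame(request):        # Kerberos over TCP: 4-byte big-endian length prefix
    return struct.pack(">I", len(request)) + request

def der(tag, *parts):                        # builder for the constructed sample only
    value = b"".join(parts)
    return bytes([tag, len(value)]) + value  # short-form lengths (< 128 bytes)
def integer(n): return der(0x02, bytes([n]))
SAMPLE_KRB_ERROR = der(0x7E, der(0x30,       # constructed sample, realm EXAMPLE.COM
    der(0xA0, integer(5)), der(0xA1, integer(30)),
    der(0xA4, der(0x18, b"20030606215119Z")), der(0xA5, integer(0)),
    der(0xA6, integer(52)), der(0xA9, der(0x1B, b"EXAMPLE.COM")),
    der(0xAA, der(0x30, der(0xA0, integer(2)), der(0xA1, der(0x30,
        der(0x1B, b"krbtgt"), der(0x1B, b"EXAMPLE.COM")))))))
```

A UDP-only client has no branch for `must_retry_over_tcp`, so an account whose ticket reply exceeds the UDP limit fails with error 52 while a small test account succeeds.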