[29885] in Kerberos


Problems with authenticating to a Win domain controller

daemon@ATHENA.MIT.EDU (radaczynski@gmail.com)
Wed May 28 11:25:23 2008

From: radaczynski@gmail.com
Date: Tue, 27 May 2008 23:58:25 -0700 (PDT)
Message-ID: <39b71f23-4227-4c63-b500-1801705cad9c@k37g2000hsf.googlegroups.com>
To: kerberos@mit.edu

Hi,

I've recently encountered a strange error when trying to get a ticket
from a W2k domain controller. My setup is like this:

1. krb5.conf:
[libdefaults]
        default_realm = DOMAIN1.COM
        forwardable = true
        proxiable = true
        dns_lookup_realm = false
        dsn_lookup_kdc = false
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                }
                plain = {
                        something = something-else
                }
        }

[realms]
        DOMAIN1.COM = {
                kdc = aaa.domain1.com:88
        }

[domain_realm]
        .domain1.com = DOMAIN1.COM
        domain1.com = DOMAIN1.COM
        .domain2.com = DOMAIN2.COM
        domain2.com = DOMAIN2.COM


[appdefaults]
        pam = {
            debug=false
            forwardable=true
            krb4_convert=false
        }

DOMAIN2 is a trusted domain of DOMAIN1.

Now, when I do this:
kinit myuser@DOMAIN2.COM
Password for myuser@DOMAIN2.COM:

and I get a TGT:  renew until 05/29/08 08:55:12, Etype (skey, tkt):
ArcFour with HMAC/md5, ArcFour with HMAC/md5, the principal is:
krbtgt/DOMAIN2.COM@DOMAIN2.COM

Then I try:
kvno HTTP/test.domain1.com@DOMAIN1.COM
and get:
Server not found in Kerberos database while getting credentials

When I try:
kvno HTTP/test.domain1.com@DOMAIN2.COM
I get:
KDC reply did not match expectations while getting credentials

Any help would be greatly appreciated.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
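
An added example, not part of the original post or of MIT Kerberos: a small Python lint for a krb5.conf like the one posted, reporting [libdefaults] keys it does not recognise and realms that [domain_realm] maps to but [realms] does not define. The KNOWN set is an assumed subset of valid key names, and SAMPLE is an abridged copy of the posted file.

```python
import difflib
import re

# Subset of [libdefaults] names (assumption: not the complete krb5 list).
KNOWN = {"default_realm", "forwardable", "proxiable", "dns_lookup_realm",
         "dns_lookup_kdc", "v4_instance_resolve", "v4_name_convert",
         "ticket_lifetime", "renew_lifetime", "clockskew"}

def parse(text):
    """Return {section: [(key, value)]} for top-level relations only."""
    sections, current, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        head = re.fullmatch(r"\[(\w+)\]", line)
        if head and depth == 0:
            current = sections.setdefault(head.group(1), [])
        elif line == "}":
            depth -= 1
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = (p.strip() for p in line.split("=", 1))
            if depth == 0:
                current.append((key, value))
            depth += value == "{"  # a "{" value opens a nested subsection
    return sections

def lint(text):
    """Flag unknown [libdefaults] keys and mapped realms missing from [realms]."""
    sec, out = parse(text), []
    for key, _ in sec.get("libdefaults", []):
        if key not in KNOWN:
            hint = difflib.get_close_matches(key, sorted(KNOWN), n=1)
            out.append(f"unknown libdefaults key {key!r}; closest known: {hint}")
    defined = {k for k, _ in sec.get("realms", [])}
    for realm in sorted({v for _, v in sec.get("domain_realm", [])} - defined):
        out.append(f"{realm} has no [realms] entry; KDC lookup falls back to DNS")
    return out

# Abridged copy of the configuration in the post above.
SAMPLE = """[libdefaults]
    default_realm = DOMAIN1.COM
    dsn_lookup_kdc = false
[realms]
    DOMAIN1.COM = {
        kdc = aaa.domain1.com:88
    }
[domain_realm]
    .domain1.com = DOMAIN1.COM
    .domain2.com = DOMAIN2.COM
"""
print(*lint(SAMPLE), sep="\n")
```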
