[29886] in Kerberos
Re: Problems with authenticating to a Win domain controller
daemon@ATHENA.MIT.EDU (radaczynski@gmail.com)
Wed May 28 11:25:27 2008
From: radaczynski@gmail.com
Date: Wed, 28 May 2008 00:00:59 -0700 (PDT)
Message-ID: <ce9536ef-458d-4bc1-bd34-3044a5201dcd@r66g2000hsg.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 28 Maj, 08:58, radaczyn...@gmail.com wrote:
> Hi,
>
> I've recently encountered a strange error when trying to get a ticket
> from a W2k domain controller. My setup is like this:
>
> 1. krb5.conf:
> [libdefaults]
> default_realm = DOMAIN1.COM
> forwardable = true
> proxiable = true
> dns_lookup_realm = false
> dsn_lookup_kdc = false
> v4_instance_resolve = false
> v4_name_convert = {
> host = {
> rcmd = host
> ftp = ftp
> }
> plain = {
> something = something-else
> }
> }
>
> [realms]
> DOMAIN1.COM = {
> kdc = aaa.domain1.com:88
> }
>
> [domain_realm]
> .domain1.com = DOMAIN1.COM
> domain1.com = DOMAIN1.COM
> .domain2.com = DOMAIN2.COM
> domain2.com = DOMAIN2.COM
>
> [appdefaults]
> pam = {
> debug=false
> forwardable=true
> krb4_convert=false
> }
>
> DOMAIN2 is a trusted domain of DOMAIN1
>
> now, when i do this:
> kinit myu...@DOMAIN2.COM
> Password for myu...@DOMAIN2.COM:
>
> and i get a TGT: renew until 05/29/08 08:55:12, Etype (skey, tkt):
> ArcFour with HMAC/md5, ArcFour with HMAC/md5, the principal is: krbtgt/
> DOMAIN2....@DOMAIN2.COM
>
> then I try:
> kvno HTTP/test.domain1....@DOMAIN1.COM
> and get:
> Server not found in Kerberos database while getting credentials
>
> when I ty:
> kvno HTTP/test.domain1....@DOMAIN2.COM
> I get:
> KDC reply did not match expectations while getting credentials
>
> Any help would be greatly appreciated.
It seems that there is a similar thread (or rather a question) here:
http://article.gmane.org/gmane.comp.encryption.kerberos.heimdal.general/2869
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
