[32231] in Kerberos
Authenticating Windows XP & 7 Against Kerberos Help-Plea!
daemon@ATHENA.MIT.EDU (Tom Medhurst)
Fri Apr 2 13:02:43 2010
MIME-Version: 1.0
From: Tom Medhurst <tom.medhurst@googlemail.com>
Date: Fri, 2 Apr 2010 01:22:50 +0100
Message-ID: <w2v8da9fa8d1004011722g4e8dfb9zbcd55aebb98da87a@mail.gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi Guys,
I'm trying to get 2 Windows Clients (1x Windows XP Pro SP3, 1x Windows 7
Enterprise) configured so they logon via Kerberos 5-1.8 (Arch Linux Server,
Kerberos 5 build from source), and I'm soooo close I can smell it! but...
When I login I get the error message:
*"The username or password is incorrect"* on the Windows client.
The log file krb5kdc.log shows the following for each attempt:
*"dc1 krb5kdc[5372](info): AS_REQ (6 etypes {18 17 23 24 - 135 3}) 10.0.0.3:
ISSUE: authtime 1270166763, etypes {rep=23 tkt=16 ses=23}, tom@TNET.LOC for
krbtgt/TNET.LOC@TNET.LOC
dc1 krb5kdc[5372](info): TGS_REQ (5 etypes {18 17 23 24 - 135}) 10.0.0.3:
ISSUE: authtime 1270166763, etypes {rep=23 tkt16 ses23}, tom@TNET.LOC for
host/wdesk3.tnet.loc@TNET.LOC"*
Is there an error hidden somewhere in this krb5kdc.log output? Or should I
be looking elsewhere?
I have done the following:
1. Synced the time with a ntp server (on the same box) using *w32tm
/config ...
*
2. Added this machine to the list of hosts (via *
/usr/local/sbin/kadmin.local*):
1. kadmin.local> ank -e rc4-hmac:normal -policy host/wdesk3.tnet.loc
2. kadmin.local> ktadd -k /usr/local/var/krb5kdc/kadm5.keytab
3. Added the Windows machine to the realm, added the kdc server, and
mapped the users:
1. > ksetup /addkdc TNET.LOC dc1.tnet.loc
2. > ksetup /addkpasswd TNET.LOC dc1.tnet.loc
3. > ksetup /setrealm TNET.LOC
4. REBOOT WINDOWS
5. > ksetup /mapuser * *
I know that the Windows box is trying as everytime I attempt to login I get
the same messages in the server's krb5kdc.log file.
Can anybody help me figure out what I've missed?
Many Thanks,
Tom
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
