[17139] in Kerberos_V5_Development
Kerberos & AD Setup Issue
daemon@ATHENA.MIT.EDU (Ranjith Murugan)
Tue Sep 6 10:32:43 2011
From: "Ranjith Murugan" <muruganr@vmware.com>
To: <krbdev@mit.edu>, <kerberos@mit.edu>
In-Reply-To:
Date: Tue, 6 Sep 2011 07:32:09 -0700 (PDT)
Message-ID: <0b3101cc6ca1$c1f3da20$45db8e60$@com>
MIME-Version: 1.0
Content-Language: en-us
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Hi all
I have been trying to setup an Kerberos and Active Directory setup, Seeing
the same issue you have mentioned in you post (Preauth and ticket
forwarding). I am currently not able to login to a windows machine using a
kerberos user. The Kerberos Server logs show a error [NEEDED_PREAUTH:
<mailto:admin@QA12.INT> admin@QA12.INT for
<mailto:krbtgt/QA12.INT@QA12.INT> krbtgt/QA12.INT@QA12.INT, Additional
pre-authentication required].
Error from the kerberos server:
Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): AS_REQ (7 etypes {23 -133
-128 3 1 24 -135}) 10.20.221.180: NEEDED_PREAUTH: admin@QA12.INT for
krbtgt/QA12.INT@QA12.INT, Additional pre-authentication required
Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): AS_REQ (2 etypes {3 1})
10.20.221.180: ISSUE: authtime 1315318814, etypes {rep=3 tkt=1 ses=1},
admin@QA12.INT for krbtgt/QA12.INT@QA12.INT
Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): TGS_REQ (7 etypes {23 -133
-128 3 1 24 -135}) 10.20.221.180: ISSUE: authtime 1315318814, etypes
{rep=1 tkt=1 ses=1}, admin@QA12.INT for krbtgt/QA10.INT@QA12.INT
Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): TGS_REQ (7 etypes {23 -133
-128 3 1 24 -135}) 10.20.221.180: ISSUE: authtime 1315318814, etypes
{rep=1 tkt=16 ses=1}, admin@QA12.INT for
<mailto:host/dmtest.qa10.int@QA12.INT> host/dmtest.qa10.int@QA12.INT
Environment:
- Kerberos Server(Ubuntu 10.10)
- AD - Windows 2003 R2
Tried to do an Wireshark trace on the communication between the Windows AD
and Kerberos Server, I found that the PA-ENC-TIMESTAMP - data missing,
Could someone let me know if I am missing some configuration information.
Regards,
Ranjith.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
