[33427] in Kerberos
Windows7 and Kerberos trust relationship
daemon@ATHENA.MIT.EDU (Claudio Prono)
Thu May 26 06:24:16 2011
Message-ID: <4DDE2A4A.5020408@atpss.net>
Date: Thu, 26 May 2011 12:24:10 +0200
From: Claudio Prono <claudio.prono@atpss.net>
To: kerberos@mit.edu
Reply-To: claudio.prono@atpss.net
Hi,
I am playing with Windows 7 and Kerberos authentication with MIT
Kerberos 1.8.3.
My test is the following: Authenticate a Windows 7 with Kerberos.
So, I have installed a test Windows 7, and a test OpenSuSE 11.4 with
Kerberos. Configured Kerberos and installed Kerberos for Windows 3.2.2
on the Windows 7. Tested it with Network Identity Manager, and the
client gets the ticket perfectly, can change password etc. etc.
Then, I have followed the following guide to add a Windows 7 to an
external KDC:
https://wiki.ncsa.illinois.edu/display/ITS/Windows+7+Kerberos+Login+using+External+Kerberos+KDC
So, my Kerberos database now has the following keys:
K/M@MEDIASERVICE-TEST.PRI
admin@MEDIASERVICE-TEST.PRI
afs@MEDIASERVICE-TEST.PRI
cprono@MEDIASERVICE-TEST.PRI
host/vmtest-pc.mediaservice-test.pri@MEDIASERVICE-TEST.PRI
kadmin/admin@MEDIASERVICE-TEST.PRI
kadmin/afs-test@MEDIASERVICE-TEST.PRI
kadmin/changepw@MEDIASERVICE-TEST.PRI
kadmin/history@MEDIASERVICE-TEST.PRI
krbtgt/MEDIASERVICE-TEST.PRI@MEDIASERVICE-TEST.PRI
Then, I try to log in with the Windows client, but it says to me "The
trust relationship with the domain has failed", or something similar
(sorry, it is a translation from Italian).
In the Kerberos log I see this:
May 26 12:24:39 afs-test krb5kdc[1498](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 192.168.87.249: ISSUE: authtime 1306405479, etypes {rep=18 tkt=18 ses=18}, cprono@MEDIASERVICE-TEST.PRI for krbtgt/MEDIASERVICE-TEST.PRI@MEDIASERVICE-TEST.PRI
May 26 12:24:39 afs-test krb5kdc[1498](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 192.168.87.249: ISSUE: authtime 1306405479, etypes {rep=18 tkt=18 ses=18}, cprono@MEDIASERVICE-TEST.PRI for host/vmtest-pc.mediaservice-test.pri@MEDIASERVICE-TEST.PRI
May 26 12:24:39 afs-test krb5kdc[1498](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 192.168.87.249: ISSUE: authtime 1306405479, etypes {rep=18 tkt=18 ses=18}, host/vmtest-pc.mediaservice-test.pri@MEDIASERVICE-TEST.PRI for krbtgt/MEDIASERVICE-TEST.PRI@MEDIASERVICE-TEST.PRI
Seems all right, but the client doesn't log in... I have also tried to
sniff the network traffic when the authentication is done, and this is
the result:
12:26:21.869814 IP 192.168.87.249.49298 > 192.168.87.253.88: v5
12:26:21.870887 IP 192.168.87.253.88 > 192.168.87.249.49298: v5
12:26:21.888886 IP 192.168.87.249.49299 > 192.168.87.253.88:
12:26:21.892069 IP 192.168.87.253.88 > 192.168.87.249.49299:
12:26:21.896066 IP 192.168.87.249.49300 > 192.168.87.253.88: v5
12:26:21.897171 IP 192.168.87.253.88 > 192.168.87.249.49300: v5
All the requests are to Kerberos, nothing more... So what is wrong?
Any help is well accepted naturally.
Cordially,
Claudio Prono.
--
--------------------------------------------------------------------------------
Claudio Prono OPST
System Developer
Gsm: +39-349-54.33.258
@PSS Srl Tel: +39-011-32.72.100
Via San Bernardino, 17 Fax: +39-011-32.46.497
10141 Torino - ITALY http://atpss.net/disclaimer
--------------------------------------------------------------------------------
PGP Key - http://keys.atpss.net/c_prono.asc
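
An added example, not part of the original message: a small parser for the krb5kdc "ISSUE" lines quoted above. It decodes the etype numbers the client offered and the ones the KDC chose, and marks single-DES and export-strength RC4 types. The etype name table and the WEAK set are assumptions of this example; -135 is a Microsoft-private value, not an IANA-assigned one.

```python
import re

# Etype number -> name for the values seen in the quoted log (example's table).
ETYPES = {
    3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac", 24: "rc4-hmac-exp",
    -135: "rc4-hmac-old-exp (Microsoft-private)",
}
WEAK = {3, 24, -135}  # assumption: single DES and export-strength RC4

# Matches only successful ("ISSUE") requests in the format shown in the message.
LINE_RE = re.compile(
    r"krb5kdc\[\d+\]\(info\): (?P<req>AS_REQ|TGS_REQ) "
    r"\(\d+ etypes \{(?P<offered>[-\d ]+)\}\) (?P<addr>\S+): ISSUE: "
    r"authtime (?P<authtime>\d+), "
    r"etypes \{rep=(?P<rep>-?\d+) tkt=(?P<tkt>-?\d+) ses=(?P<ses>-?\d+)\}, "
    r"(?P<client>\S+) for (?P<service>\S+)"
)

def parse_issue(line):
    """Return a dict for one ISSUE line, or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["offered"] = [int(x) for x in rec["offered"].split()]
    for key in ("rep", "tkt", "ses", "authtime"):
        rec[key] = int(rec[key])
    rec["weak_offered"] = [e for e in rec["offered"] if e in WEAK]
    rec["weak_used"] = any(rec[k] in WEAK for k in ("rep", "tkt", "ses"))
    return rec

def summarize(lines):
    """Parse every matching line; non-ISSUE lines are skipped."""
    return [r for r in map(parse_issue, lines) if r is not None]

# The three log lines from the message above, unwrapped to one entry per line.
P, R = "May 26 12:24:39 afs-test krb5kdc[1498](info): ", "MEDIASERVICE-TEST.PRI"
TAIL = "192.168.87.249: ISSUE: authtime 1306405479, etypes {rep=18 tkt=18 ses=18}, "
HOST = f"host/vmtest-pc.mediaservice-test.pri@{R}"
SAMPLE = [
    f"{P}AS_REQ (6 etypes {{18 17 23 24 -135 3}}) {TAIL}cprono@{R} for krbtgt/{R}@{R}",
    f"{P}TGS_REQ (5 etypes {{18 17 23 24 -135}}) {TAIL}cprono@{R} for {HOST}",
    f"{P}AS_REQ (6 etypes {{18 17 23 24 -135 3}}) {TAIL}{HOST} for krbtgt/{R}@{R}",
]

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r["req"], r["client"], "->", r["service"])
        print("  chosen :", ETYPES.get(r["tkt"], r["tkt"]), "| weak used:", r["weak_used"])
        print("  offered weak:", [ETYPES.get(e, e) for e in r["weak_offered"]])
```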