Searching a debugging tool for kerberos inside Windows 10 Desktop
Benjamin Kaduk
kaduk at MIT.EDU
Wed Aug 24 21:10:15 EDT 2016
On Wed, 24 Aug 2016, Pablo Silva wrote:
> Hi! Dear Colleagues,
>
> I'm taking my first steps in using kerberos, our goal is to authenticate users who wish to use their Windows desktops via FreeIPA.
>
> The issue is that we have done both FreeIPA configuration as in the windows client, but every time I try to use my credentials that exist in FreeIPA, I see an error message in windows logs indicating:
>
> The Security System detected an authentication error for the server DNS/ds1.bbr.cl. The failure code from authentication protocol Kerberos was "No authority could be contacted for authentication.
> (0x80090311)".
>
> The kerberos configuration inside the windows desktop is:
>
>
> C:\Windows\system32>ksetup
> default realm = BBR.CL (external)
> BBR.CL:
> kdc = testwin10.areaprod.b2b
> kpasswd = testwin10.areaprod.b2b
> Realm Flags = 0x0No Realm Flags
> Mapping all users (*) to a local account by the same name (*).
This seems to indicate that you are just using the built-in Windows native
Kerberos support, and are not using the MIT Kerberos for Windows
distribution (that provides a more Unix-like libkrb5 and GSSAPI interface
for software being ported to windows). If so, you may have better luck
asking on kerberos at mit.edu, the general kerberos discussion list, which
has more subscribers than this list.
-Ben
More information about the kfwdev
mailing list