win2k and kerberosV(mit)
josallen at cs.fsu.edu
Mon Jun 10 19:43:35 EDT 2002
That is exactly what I am doing. I am using ethereal to watch the packets
and everthing weems to be looking right with the exception that I am
unable to logon the WIN2KPRO.
Do you have any suggestions
Josef De Vaughn Allen
On Mon, 10 Jun 2002, David Lawler Christiansen (NT) wrote:
> It sounds like you have a Win2K Pro machine (say, WIN2KPRO), and you are
> trying to add a realm (say, REALM) to it. You want to map
> WIN2KPRO\LocalUser to realmuser at REALM.COM. If I'm wrong about your
> setup, please correct me.
> If so, then:
> 1. logging on with WIN2KPRO\LocalUser (with the local password) should
> not generate any traffic on the KDC-- it's a local logon. Kerberos is
> not involved.
> 2. Logging on with realmuser at REALM.COM (with the Kerberos password)
> should generate KDC traffic.
> If you're unsure, use tcpdump or Netmon to take a sniff.
> This message or posting is provided "AS IS" with no warranties, and
> confers no rights.
> Any opinions or policies stated within are my own and do not necessarily
> constitute those of my employer.
> I reside in Washington, USA, where Title 19 declares that sending me
> Unsolicited Commercial Email can result in a $500 fine.
> Harvesting of this address for purposes of bulk email (spam and UCE) is
> expressly prohibited unless by my explicit prior request. I retaliate
> viciously against spammers and spam sites.
> > -----Original Message-----
> > From: Josef Allen [mailto:josallen at cs.fsu.edu]
> > Sent: Friday, June 07, 2002 12:19 AM
> > To: kerberos at mit.edu
> > Subject: win2k and kerberosV(mit)
> > I have recently followed the how to for a win2kpro to use a
> > mit kdc server. I followed all of the directions. I then
> > rebooted the win2kpro (windows 2000 professional). Ichecked
> > to see if I had different domains. Namely the domain that is
> > in question was the kdc domain name and the name of the
> > standalone win2kpro. I noticed that I had both domains. I
> > then mapped a user from a win2kpro user to a user at REALM using
> > the ksetup utility. Of course I had created a local account
> > already for the user on the win2kpro. I then tried to use the
> > account using my newly created domain. I had success. Now
> > that I have painted this picture let me tell you what went WRONG.
> > I checked the krb5kdc.log file and saw no activity.
> > I checked the kadmind.log file and saw no activity.
> > I tried to logon to the win2kpro machine with a user that was
> > created for the local machine BUT was not mapped to the mit
> > kdc. I was successful in logging on via the kdc domain.
> > Thus how can I tell when I truly have interoperability.
> > Josef De Vaughn Allen
> > z
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > http://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos