win2k and kerberosV(mit)

Josef Allen josallen at cs.fsu.edu
Mon Jun 10 19:43:35 EDT 2002 

That is exactly what I am doing. I am using ethereal to watch the packets
and everthing weems to be looking right with the exception that I am
unable to logon the WIN2KPRO.
Do you have any suggestions


Josef De Vaughn Allen
                     z

On Mon, 10 Jun 2002, David Lawler Christiansen (NT) wrote:

>
> It sounds like you have a Win2K Pro machine (say, WIN2KPRO), and you are
> trying to add a realm (say, REALM) to it.  You want to map
> WIN2KPRO\LocalUser to realmuser at REALM.COM.  If I'm wrong about your
> setup, please correct me.
>
> If so, then:
>
> 1. logging on with WIN2KPRO\LocalUser (with the local password) should
> not generate any traffic on the KDC-- it's a local logon.  Kerberos is
> not involved.
>
> 2. Logging on with realmuser at REALM.COM (with the Kerberos password)
> should generate KDC traffic.
>
> If you're unsure, use tcpdump or Netmon to take a sniff.
>
> -----
> This message or posting is provided "AS IS" with no warranties, and
> confers no rights.
> Any opinions or policies stated within are my own and do not necessarily
> constitute those of my employer.
> I reside in Washington, USA, where Title 19 declares that sending me
> Unsolicited Commercial Email can result in a $500 fine.
> Harvesting of this address for purposes of bulk email (spam and UCE) is
> expressly prohibited unless by my explicit prior request.  I retaliate
> viciously against spammers and spam sites.
>
>
> > -----Original Message-----
> > From: Josef Allen [mailto:josallen at cs.fsu.edu]
> > Sent: Friday, June 07, 2002 12:19 AM
> > To: kerberos at mit.edu
> > Subject: win2k and kerberosV(mit)
> >
> >
> > I have recently followed the how to for a win2kpro to use a
> > mit kdc server. I followed all of the directions. I then
> > rebooted the win2kpro (windows 2000 professional). Ichecked
> > to see if I had different domains. Namely the domain that is
> > in question was the kdc domain name and the name of the
> > standalone win2kpro. I noticed that I had both domains. I
> > then mapped a user from a win2kpro user to a user at REALM using
> > the ksetup utility. Of course I had created a local account
> > already for the user on the win2kpro. I then tried to use the
> > account using my newly created domain. I had success. Now
> > that I have painted this picture let me tell you what went WRONG.
> >
> > I checked the krb5kdc.log file and saw no activity.
> > I checked the kadmind.log file and saw no activity.
> >
> > I tried to logon to the win2kpro machine with a user that was
> > created for the local machine BUT was not mapped to the mit
> > kdc. I was successful in logging on via the kdc domain.
> >
> > Thus how can I tell when I truly have interoperability.
> >
> >
> >
> > Josef De Vaughn Allen
> >                      z
> >
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > http://mailman.mit.edu/mailman/listinfo/kerberos
> >
>

More information about the Kerberos mailing list