Connecting to a WIN2K Share as a Kerberos User

Actually davidchr davespam at
Fri Nov 1 20:50:44 EST 2002

Do you have more than one Win2K machine, or are you attempting to
connect to the Win2K box from itself using different credentials from
the KDC domain (this IS supported, obviously)?  Standard response: make
sure you're running the latest Service Pack for Win2K, since some
interoperability fixes are included.

If your Win2K box allows you to sit down at it and logon as a user
principal from an MIT Realm, then the only mechanism I can thank of
offhand that might be required for it to authenticate OTHER users would
be mappings (ksetup /mapuser) for those users.  

Does the Win2K box generate any kerberos traffic (use tcpdump or netmon)
in response to the net use attempt?

This message is provided "AS IS" with no warranties, and confers no
Message may originate from an unmonitored alias ("davespam").  If so,
use "davidchr" if a direct reply is required. 
Any opinions or policies stated within are my own and do not necessarily
constitute those of my employer.
I reside in Washington, USA, where Title 19 declares that sending me
Unsolicited Commercial Email can result in a $500 fine.
Harvesting of this address for purposes of bulk email (spam and UCE) is
expressly prohibited unless by my explicit prior request.  I retaliate
viciously against spammers and spam sites.

> -----Original Message-----
> From: Sam Evans [mailto:sam at] 
> Sent: Wednesday, October 30, 2002 7:44 AM
> To: kerberos at
> Subject: Connecting to a WIN2K Share as a Kerberos User
> I am using an MIT (1.2.6) KDC on FreeBSD.  Things are working 
> great, and I have gotten a WIN2K Server (not in a Domain) to 
> authenticate users against the KDC if they logon to the 
> server at the console.
> My question, is how can I connect to a share on the Win2k 
> server *as* a user in the KDC realm?  I've tried doing:
> net use * \\server\share /user:user at KDC.REALM.COM 
> and it tells me invalid userid or password..  If also tried
> /user:KDC.REALM.COM\user   to no avail.
> Is this even possible?
> Thanks,
> Sam
> ________________________________________________
> Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list