w2k client login to kerberos realm

Brian Thompson brianpm at ghidra.eng.wayne.edu
Sun Nov 10 16:36:39 EST 2002

Hi all, I'm having a problem logging into a
non-windows kerberos realm from a w2k 
workstation. The same realm username/password
works fine on the AD server due to a trust
and the w2k workstation can log in using
either a local account or an AD domain account.
The non-windows realm is on the domain pull-down
on the w2k workstation but logins don't work
unless I create a local account on the w2k 
workstation with the same name as the kerberos 
username. If I delete the local account it 
doesn't work. There is an account in the AD 
server with the same username which is the 
proxy account that I really want to use.

Without the local account, I get two different
symptoms depending on whether or not I have
a "ksetup /mapuser * *" defined on the w2k
workstation. If username mapping is defined, I
get an error message about not being able to
map a SID to the username. If username mapping
isn't defined, I get the regular failed login

Any assistance would be greatly appreciated!


More information about the Kerberos mailing list