Cross Realm authentication error

Tim Alsop Tim.Alsop at CyberSafe.Ltd.UK
Wed Nov 20 11:36:53 EST 2002 

Dain,

When you use the telnet client to connect to your unix host which unix
user are you trying to connect with and can you login to this unix
account without kerberos being used ? Which version of the CyberSafe
products are you using (KDC and UNIX Client) ? Which company do you
work for ?

If you contact me via. email (support at cybersafe.ltd.uk) I will be able
to help you with this support requirement.

Regards, Tim.

dain1155 at hotmail.com ("Dain Ridnouer") wrote in message news:<F26gvux74kd45M4kyMd000010ce at hotmail.com>...
> Any help on the following problem would be appreciated.
> 
> I am trying to set up a cross realm environment between a Microsoft KDC and
> a KDC running in the Unix environment and keep getting "Authorization
> failed" when doing a kerberized telnet from the Microsoft side to Unix.  The
> Unix KDC runs the CyberSafe version of kerberos version 5.
> 
> Details:
> Microsoft hostname: microkerb.org
> Microsoft realm: MICROKERB.ORG
> Unix hostname: kerbsrvt1.test.org
> Unix Realm: UKREALM
> 
> I have read the Microsoft and CyberSafe interoperability papers and set up
> the appropriate trusts and user mappings between the 2 realms (I think).
> 
> When I log on an XP machine in the Microsoft realm I get the following
> tickets:
> 
> MICROKERB.ORG
> |
> |--  krbtgt/MICROKERB.ORG at MICROKERB.ORG
> |--  krbtgt/MICROKERB.ORG at MICROKERB.ORG
> |--  host/xpbox1.microkerb.org
> |--  LDAP/mserver1.microkerb.org at MICROKERB.ORG
> |--  ldap/mserver1.microkerb.org/microkerb.org at MICROKERB.ORG
> |--  cifs/mserver1.microkerb.org at MICROKERB.ORG
> 
> I do the telnet and get the following messages when I turn on debugging:
> 
> -------------------------------------------------------------
> Sent: WILL AUTHENTICATION
> Sent: DO ENCRYPT
> Sent: WILL ENCRYPT
> Sent: WILL NAWS
> Rcvd: DO AUTHENTICATION
> Rcvd: SB AUTHENTICATION KERBEROS_V4 SERVER|MUTUAL KERBEROS_V5 SERVER|MUTUAL
> 0 1 2 1 0
> Rcvd: WILL ENCRYPT
> Rcvd: DO ENCRYPT
> Sent: WILL ENCRYPT
> Rcvd: SB ENCRYPT  SUPPORT 1 2
> Rcvd: DO NAWS
> Sent: WILL NAWS
> Sent: SB NAWS  0 50 0 28
> Rcvd: DO TERMINAL TYPE
> Sent: WILL TERMINAL TYPE
> Rcvd: DO TSPEED
> Sent: WONT TSPEED
> Rcvd: DO XDISPLOC
> Sent: WONT XDISPLOC
> Rcvd: DO ENVIRON
> Sent: WONT ENVIRON
> Rcvd: SB TERMINAL TYPE  1
> Sent: SB TERMINAL TYPE  0 56 54 31 30 30
> _telnetd: Authorization failed.
> Remote Host Closed
> --------------------------------------------------------
> 
> In the Unix log I get:
> 
> Oct 23 14:19:10 kerbsrvt1 telnetd[11334]: connection from
> xpbox1.microkerb.org at ipaddr xxx.xx.xxx.xxx
> Oct 23 14:19:11 kerbsrvt1 telnetd[11334]: $TELNETD-E-C00008B6, Authorization
> failed
> 
> After this I get the following additional tickets for the Unix realm.
> 
> UKREALM
> |
> |--  krbtgt/UKREALM
> |--  host/kerbsrvt1.test.org
> 
> 
> Could my mappings be wrong?  It appears that I get my cross realm ticket
> then fail using it.  Any suggestions for changes or additional debugging
> that I can be using?
> 
> Thank You,
> Dain
> 
> 
> 
> 
> _________________________________________________________________
> Protect your PC - get McAfee.com VirusScan Online 
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos

More information about the Kerberos mailing list