Win logon to a MIT Kerberos V KDC?

Luke Howard lukeh at PADL.COM
Thu Sep 26 12:24:41 EDT 2002

>'a local or AD account'. I don't have AD, but I _DO_ have a local

So, according to Microsoft's documentation, it should "just work".

>----- s n i p -----
>Sep 26 08:02:19 rmgztk krb5kdc[1075](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135})
><IP_OF_FIREWALL_AT_HOME>(88): UNKNOWN_SERVER: authtime 1033020129,  turbo@<MYREALM.TLD>
>for host/majorskan.<MYDOMAIN.TLD>@<MYREALM.TLD>, Server not found in Kerberos database
>----- s n i p -----
>Previosly, I've solved this by adding the principal to the system
>keytab (on the host). This was obviosly wrong...

Set the password on the KDC to some arbitrary text string (as if it
were a user) using kadmin, then run ksetup /SetComputerPassword
with the same password. Did you try that?

>What are all those encryption types? Do I miss some?

NT stores the plaintext password for machine accounts so it can
generate whatever encryption types it likes; in this manner, it
differs to UNIX.

-- Luke

Luke Howard | PADL Software Pty Ltd |

More information about the Kerberos mailing list