Win logon to a MIT Kerberos V KDC?
Luke Howard
lukeh at PADL.COM
Thu Sep 26 12:24:41 EDT 2002
>'a local or AD account'. I don't have AD, but I _DO_ have a local
>account.
So, according to Microsoft's documentation, it should "just work".
>----- s n i p -----
>Sep 26 08:02:19 rmgztk krb5kdc[1075](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135})
><IP_OF_FIREWALL_AT_HOME>(88): UNKNOWN_SERVER: authtime 1033020129, turbo@<MYREALM.TLD>
>for host/majorskan.<MYDOMAIN.TLD>@<MYREALM.TLD>, Server not found in Kerberos database
>----- s n i p -----
>
>Previosly, I've solved this by adding the principal to the system
>keytab (on the host). This was obviosly wrong...
Set the password on the KDC to some arbitrary text string (as if it
were a user) using kadmin, then run ksetup /SetComputerPassword
with the same password. Did you try that?
>What are all those encryption types? Do I miss some?
NT stores the plaintext password for machine accounts so it can
generate whatever encryption types it likes; in this manner, it
differs to UNIX.
-- Luke
--
Luke Howard | PADL Software Pty Ltd | www.padl.com
More information about the Kerberos
mailing list