Win logon to a MIT Kerberos V KDC?
Turbo Fredriksson
turbo at bayour.com
Thu Sep 26 13:02:59 EDT 2002
>>>>> "Luke" == Luke Howard <lukeh at PADL.COM> writes:
>> 'a local or AD account'. I don't have AD, but I _DO_ have a
>> local account.
Luke> So, according to Microsoft's documentation, it should "just
Luke> work".
Exactly. Dang, I hate when it (software) does this! :)
>> ----- s n i p ----- Sep 26 08:02:19 rmgztk krb5kdc[1075](info):
>> TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135})
>> <IP_OF_FIREWALL_AT_HOME>(88): UNKNOWN_SERVER: authtime
>> 1033020129, turbo@<MYREALM.TLD> for
>> host/majorskan.<MYDOMAIN.TLD>@<MYREALM.TLD>, Server not found
>> in Kerberos database ----- s n i p -----
>>
>> Previosly, I've solved this by adding the principal to the
>> system keytab (on the host). This was obviosly wrong...
Luke> Set the password on the KDC to some arbitrary text string
Luke> (as if it were a user) using kadmin, then run ksetup
Luke> /SetComputerPassword with the same password. Did you try
Luke> that?
Yes. Changed the password AGAIN, used ksetup.exe and rebooted. No change.
>> What are all those encryption types? Do I miss some?
Luke> NT stores the plaintext password for machine accounts so it
Luke> can generate whatever encryption types it likes; in this
Luke> manner, it differs to UNIX.
I see. Do I lack any (see other mail in thread)?
More information about the Kerberos
mailing list