Win logon to a MIT Kerberos V KDC?

Turbo Fredriksson turbo at
Thu Sep 26 13:02:59 EDT 2002

>>>>> "Luke" == Luke Howard <lukeh at PADL.COM> writes:

    >> 'a local or AD account'. I don't have AD, but I _DO_ have a
    >> local account.

    Luke> So, according to Microsoft's documentation, it should "just
    Luke> work".

Exactly. Dang, I hate when it (software) does this! :)

    >> ----- s n i p ----- Sep 26 08:02:19 rmgztk krb5kdc[1075](info):
    >> TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135})
    >> 1033020129, turbo@<MYREALM.TLD> for
    >> host/majorskan.<MYDOMAIN.TLD>@<MYREALM.TLD>, Server not found
    >> in Kerberos database ----- s n i p -----
    >> Previosly, I've solved this by adding the principal to the
    >> system keytab (on the host). This was obviosly wrong...

    Luke> Set the password on the KDC to some arbitrary text string
    Luke> (as if it were a user) using kadmin, then run ksetup
    Luke> /SetComputerPassword with the same password. Did you try
    Luke> that?

Yes. Changed the password AGAIN, used ksetup.exe and rebooted. No change.

    >> What are all those encryption types? Do I miss some?

    Luke> NT stores the plaintext password for machine accounts so it
    Luke> can generate whatever encryption types it likes; in this
    Luke> manner, it differs to UNIX.

I see. Do I lack any (see other mail in thread)?

More information about the Kerberos mailing list