krb5 "Error Code 52" - UDP packet size - TCP fallback
Uli Schröder
uli.schroeder at gmx.net
Fri Jun 6 17:51:19 EDT 2003
Hi Ken!
> > When I run kinit for my testuser it works fine. The
> testuser ist just
> > a
> > member of the domain with read access to the directory. No
> other groups
> > or permissions. When I try to do a kinit for my own account
> with all its
> > group memberships, etc., I just get the error code 52. I
> read on the
> > internet that this is because the Windows 2000 server
> switches from UDP
> > to TCP if the maximum packet size is exceeded. I think this
> happens with
> > all my "normal" users.
>
> Yep, client-side TCP support wasn't in that release. The
> upcoming release from MIT will include it.
Is that already included in the snapshot or 1.3-beta versions on the
internet? Did MIT announce an estimated time for a release?
> > It seems like a lot of people managed to authenticate against AD.
> > Maybesomeone can help me with this problem and tell me how
> he solved it.
>
> Do you define a very large number of groups for access
> control that lots of people are in? That's how we set my
> account up to fail in the UDP-only case, for testing purposes...
I didn't have the time to experiment with different conditions. I just
used a very simple test account and my own account to check the
functionality. Yet still I am indeed in different groups that lots of
other people are in as well.
Kind regards,
Uli
More information about the Kerberos
mailing list