Fwd: Re: Kerberos error authenticating from Unix to Windows AD

Tyson Oswald oswaldt at ameritech.net
Thu Feb 19 14:04:51 EST 2004



Tyson Oswald <oswaldt at ameritech.net> wrote:
I generated a host key on a Windows server and installed it on the Sun workstation with ktutil. The key was generated with the same password as the user on Windows. It was set up with DES-CBC-CRC enctype, also krb5.conf is set up to use des-cbc-crc for both tkt and tgs. One thing I did do was when I FTPed the host key to the Sun box I used binary instead of ascii, if that caused a problem I do not know. If you think this could cause this issue I will re-copy it.
 
thank you,
 
Tyson Oswald

Jeffrey Altman <jaltman2 at nyc.rr.com> wrote:
Do you have a host key for the Windows workstation?

Does the Windows workstation know the name you have used for its host key?

Is the host key restricted to use an enctype of DES-CBC-CRC?

Did you create the host key with a password and not a random key?

Did you install the password into the Workstation using KSETUP?

Jeffrey Altman


Tyson Oswald wrote:
> Hello all,
> 
> I read the white paper on the MS site
> (http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp)
> to set up AD authentication on Unix. It is based on MIT KDC, but I am
> using SEAM. Since SEAM is based on MIT, I assumed it would work. I
> am using SEAM 1.0.1 on SPARC Solaris 8. I followed the instructions
> in the white paper, and according to the event log on our PDC the user
> authenticates successfully. But, the Service Ticket is failing
> authentication. I am troubled as to why. The event id I am getting
> in the event log is 677. The failure code is 0x0d (bad option) and
> the ticket option is 0x02. According to the RFC 0x02 means FORWARDED.
> 
> Has anyone run into this error or know what is wrong?
> 
> thank you,
> 
> Tyson Oswald
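
Added example (not part of the original thread, and not code from MIT, Sun or Microsoft): a minimal reader for the MIT keytab file layout (version 0x502), assuming SEAM's ktutil uses that layout. It reports each entry's principal, key version and enctype, and rejects a file whose header or entry lengths are inconsistent, as happens when the file is altered in transfer. The principal, realm and key bytes in sample_keytab are constructed.

```python
import struct
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "arcfour-hmac"}  # RFC 3961 / RFC 4757 numbers

def _parse_entry(buf):
    off = 0
    def take(fmt):                      # read one big-endian field and advance
        nonlocal off
        (val,) = struct.unpack_from(fmt, buf, off)
        off += struct.calcsize(fmt)
        return val
    def counted():                      # 16-bit length followed by that many bytes
        nonlocal off
        n = take(">H")
        if off + n > len(buf):
            raise ValueError("string runs past end of entry")
        off += n
        return buf[off - n:off]
    # Realm first, then the name components (the v2 count excludes the realm).
    realm, *parts = [counted().decode("latin-1") for _ in range(take(">H") + 1)]
    off += 8                            # skip name type and timestamp
    kvno, etype = take(">B"), take(">H")
    keylen = len(counted())
    if len(buf) - off >= 4:             # optional 32-bit kvno overrides the 8-bit one
        kvno = take(">I") or kvno
    return (f"{'/'.join(parts)}@{realm}", kvno, ENCTYPES.get(etype, str(etype)), keylen)

def parse_keytab(data):
    """Return [(principal, kvno, enctype, key_length)] or raise ValueError."""
    if data[:2] != b"\x05\x02":
        raise ValueError("missing 0x05 0x02 keytab header")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:                    # a negative size marks a deleted slot to skip
            if pos + size > len(data):
                raise ValueError("entry runs past end of file")
            try:
                entries.append(_parse_entry(data[pos:pos + size]))
            except struct.error as exc:
                raise ValueError("entry is shorter than its fields") from exc
        pos += abs(size)
    return entries

def sample_keytab(key=b"\x01" * 8):     # constructed sample, not a real key
    cs = lambda s: struct.pack(">H", len(s)) + s
    body = (struct.pack(">H", 2) + cs(b"EXAMPLE.COM") + cs(b"host") + cs(b"sun1.example.com")
            + struct.pack(">IIBH", 1, 0, 3, 1) + cs(key))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

On a real host, pass the bytes of the installed keytab file to parse_keytab and compare the enctype column with what krb5.conf requests.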


