Kerberos error authenticating from Unix to Windows AD

Tyson Oswald oswaldt at ameritech.net
Thu Feb 19 14:15:54 EST 2004


I guess I should have been more clear.  I want to use my Windows AD
account to log in to a Sun machine.  My krb5.conf is set up to use
des-cbc-crc, I created a host key on the Windows machine which is
mapped to an AD user account for the Unix machine.  The host key's
password is the same as the Unix machine AD user account.  I copied the
key to the unix box via FTP, and used ktutil to merge the host key
into my keytab. I created a Unix user called testuser and a user on
the Windows AD called testuser.  When I try and log in to the unix
machine with testuser, I can see from the logs on the Windows server
that testuser is granted a ticket, and just after that the service
ticket request fails, I am not even sure what a service ticket is. 
The time is only off by 30 seconds or so between the two machines.
Any help would be appreciated.

thank you,

Tyson Oswald


Jeffrey Altman <jaltman2 at nyc.rr.com> wrote in message news:<4034D5C1.8030305 at nyc.rr.com>...
> Do you have a host key for the Windows workstation?
> 
> Does the Windows workstation know the name you have used for its host key?
> 
> Is the host key restricted to use an enctype of DES-CBC-CRC?
> 
> Did you create the host key with a password and not a random key?
> 
> Did you install the password into the Workstation using KSETUP?
> 
> Jeffrey Altman
> 
> 
> Tyson Oswald wrote:
> > Hello all,
> > 
> > I read the white paper on the MS site
> > (http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp)
> > to setup AD authentication on Unix.  It is based on MIT KDC, but I am
> > using SEAM.  Since SEAM is based on MIT, I assumed it would work.  I
> > am using SEAM 1.0.1 on SPARC Solaris 8.  I followed the instructions
> > in the white paper, and according to the event log on our PDC the user
> > authenticates successfully.  But, the Service Ticket is failing
> > authentication.  I am troubled as to why.  The event id I am getting
> > in the event log is 677.  The failure code is 0x0d (bad option) and
> > the ticket option is 0x02. According to the RFC 0x02 means FORWARDED.
> > 
> > Has anyone run into this error or know what is wrong?
> > 
> > thank you,
> > 
> > Tyson Oswald
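A helper for the triage step the thread turns on: reading the "Ticket Options" and "Failure Code" fields of a Windows "Service Ticket Request Failed" (event 677) entry. This is an added example, not code from the poster or from SEAM/MIT Kerberos. It assumes the Ticket Options field is the RFC 4120 KDCOptions bit string written as a 32-bit word with bit 0 in the most significant position, and the Failure Code is the KRB-ERROR error-code number; the event text, host name and addresses below are constructed sample data.

```python
import re

# KDCOptions bit numbers from RFC 4120 section 5.4.1. Bit 0 is the most
# significant bit of the 32-bit flag word (assumption: that is how the
# Windows event log renders the field). Bit 15 is "canonicalize".
KDC_OPTION_BITS = {
    1: "forwardable", 2: "forwarded", 3: "proxiable", 4: "proxy",
    5: "allow-postdate", 6: "postdated", 8: "renewable",
    11: "opt-hardware-auth", 15: "canonicalize",
    26: "disable-transited-check", 27: "renewable-ok",
    28: "enc-tkt-in-skey", 30: "renew", 31: "validate",
}

# Subset of the RFC 4120 section 7.5.9 error codes that show up as the
# Failure Code of a service-ticket request.
KRB_ERROR_CODES = {
    0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    0x07: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
    0x0d: "KDC_ERR_BADOPTION",
    0x0e: "KDC_ERR_ETYPE_NOSUPP",
    0x18: "KDC_ERR_PREAUTH_FAILED",
    0x19: "KDC_ERR_PREAUTH_REQUIRED",
    0x1f: "KRB_AP_ERR_BAD_INTEGRITY",
    0x20: "KRB_AP_ERR_TKT_EXPIRED",
    0x25: "KRB_AP_ERR_SKEW",
    0x29: "KRB_AP_ERR_MODIFIED",
}

# Constructed sample event body (not a real log); field layout is the
# one the poster describes: options word plus a numeric failure code.
SAMPLE_EVENT_677 = """\
Service Ticket Request Failed:
    User Name:      testuser
    User Domain:    EXAMPLE.COM
    Service Name:   host/unixbox.example.com
    Ticket Options: 0x40810010
    Failure Code:   0xd
    Client Address: 192.0.2.10
"""


def decode_kdc_options(word):
    """Return the names of the KDCOptions flags set in a 32-bit flag word."""
    if not 0 <= word <= 0xFFFFFFFF:
        raise ValueError("ticket options must fit in 32 bits")
    # Bit n of the ASN.1 bit string lives at position (31 - n) of the word.
    return [name for bit, name in sorted(KDC_OPTION_BITS.items())
            if (word >> (31 - bit)) & 1]


def decode_failure_code(code):
    """Map a KRB-ERROR error-code number to its RFC 4120 name."""
    return KRB_ERROR_CODES.get(code, "UNKNOWN(0x%02x)" % code)


def parse_event(text):
    """Pull the fields this triage needs out of an event 677 body."""
    fields = {}
    for key in ("Service Name", "Ticket Options", "Failure Code"):
        m = re.search(r"%s:\s*(\S+)" % re.escape(key), text)
        if m is None:
            raise ValueError("event body lacks field: " + key)
        fields[key] = m.group(1)
    return fields


def triage_event(text):
    """Decode one event: which service, which options, which error."""
    f = parse_event(text)
    return {
        "service": f["Service Name"],
        "options": decode_kdc_options(int(f["Ticket Options"], 16)),
        "failure": decode_failure_code(int(f["Failure Code"], 16)),
    }


if __name__ == "__main__":
    result = triage_event(SAMPLE_EVENT_677)
    print("service:", result["service"])
    print("options:", ", ".join(result["options"]))
    print("failure:", result["failure"])
```

The decoded service name is the thing to compare against the principal stored in the Unix keytab (`klist -k` on the Solaris side): a mismatch in name, realm or enctype between what the KDC issued for and what the host key can decrypt is the usual reason the AS exchange succeeds while the service ticket step fails.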

