Windows XP and Kerberos auth
Jeffrey Altman
jaltman2 at nyc.rr.com
Thu Jun 17 15:42:04 EDT 2004
Perhaps the machine password was sent incorrectly.
How did you choose a password for host/damasco.ime.unicamp.br?
Rodolfo Broco Manin wrote:
> Hi, all!
>
> I'm configuring a Windows XP Professional workstarion to log on using MIT
> Kerberos authentication. So, I used the Windows 2000 "ksetup.exe" tool to
> configure the client's registry and created a local account with the same
> name of my test principal.
>
> The "host/xxx" and the user's principals exists at KDC - booth with
> "des-cbc-crc:normal" encryption type (i also tryed the default one early).
>
> Problem is: I still having the "Username or password incorrect bla bla
> bla..." error at login.
>
> Apparently, the Windows box is getting a ticket. When I type the correct
> password, my KDC logs:
>
> ----------------------------
> Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): AS_REQ (7 etypes
> {23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
> etypes {rep=3 tkt=23 ses=23}, guest at IME.UNICAMP.BR for
> krbtgt/IME.UNICAMP.BR at IME.UNICAMP.BR
> Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): AS_REQ (7 etypes
> {23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
> etypes {rep=3 tkt=23 ses=23}, guest at IME.UNICAMP.BR for
> krbtgt/IME.UNICAMP.BR at IME.UNICAMP.BR
> Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): TGS_REQ (7 etypes
> {23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
> etypes {rep=23 tkt=1 ses=1}, guest at IME.UNICAMP.BR for
> host/damasco.ime.unicamp.br at IME.UNICAMP.BR
> Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): TGS_REQ (7 etypes
> {23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
> etypes {rep=23 tkt=1 ses=1}, guest at IME.UNICAMP.BR for
> host/damasco.ime.unicamp.br at IME.UNICAMP.BR
> ----------------------------
>
> (if the password is incorrect, the "TGS_REQ" messages don't shows up)
>
> The output of "ksetup" at this windows box looks like:
>
> ----------------------------
> default realm = IME.UNICAMP.BR (external)
> IME.UNICAMP.BR:
> kdc = lvs.ime.unicamp.br
> Mapping all users (*) to a local account by the same name (*).
> ----------------------------
>
> Using a specific mapping ("guest at IME.UNICAMP.BR" => "guest") results the
> same error.
>
> My Linux and Solaris clients logs on this user with no problems at all,
> and I can get a ticket issuing "kinit" (from KfW) for this user.
>
> There are some posts about a windows registry's "debug level setting" key
> for kerberos ([...]/Lsa/Kerberos/Parameters/LogLevel = 1), but I think it
> doesn't work on Windows XP (not at mine).
>
> Some idea??
>
> Tnks in advice!!
>
> []s!
> Rodolfo
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
More information about the Kerberos
mailing list