change password expired because domain is not found

Lara Adianto m1r4cle_26 at
Tue Jun 22 07:08:01 EDT 2004

hello everybody,

I've posted this question a few weeks ago, but no one
replied, and *sigh*, I'm stil stucked.

Win2k client authenticates to MIT KDC

When the user's password is expired, windows will
prompt user with new password. However, change
password failed because domain MIT.REALM.COM cannot be

>From ethereal, I can see that the win2k client does a
CLDAP request, with filter: (&(DnsDomain =
MIT.REALM.COM)(Host=win2k_machine)(NtVer=\006). Since
this is not successful, it does IPX request and then
NBNS for domain MIT.REALM.COM.

How can I resolve this problem ?
1. Should I setup a MS-CLDAP server on a w2kserver
(which is not my KDC), or can I use openldap with
--enable-cldap (anyone ever tried this ?) ? 
2. Is there any better and easier way than setting up
the CLDAP server ? WINS ? 


La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
                                                                        - Guy de Maupassant -

Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage! 

More information about the Kerberos mailing list