Problems trying to authenticate Unix users via Active Directory
Bill Smith
bill.smith at jhuapl.edu
Thu Aug 25 10:35:24 EDT 2005
We have a Solaris 9 box configured to authenticate users via AD. Everything
used to work fine but recently, AD authentication has failed for some users
but still works for others. As part of the troubleshooting process, I tried
running the kinit command for a user having problems and got the following
error:

kinit: KRB5 error code 52 while getting initial credentials

From what I've found, it seems to be an issue with the user being in too
many AD groups, the Windows KDC wanting to use TCP rather than UDP, and the
MIT version not supporting it. What I'm not certain on is whether the
version shipped with Solaris 9 is MIT-based or something proprietary to
Solaris. I've found some mention of setting a registry key on the Windows
Domain controllers but have not been able to find anything specific. I also
believe this issue cropped up after we began upgrading some of the domain
controllers to Windows 2003.
At this point, we're still having the problem with no resolution. Has
anyone else encountered this issue? If so, is there a patch from SUN to
address it or did you have to do something else? Would appreciate any
insight into this problem.
Thanks,
Bill