Problems trying to authenticate Unix users via Active Directory

[Wachdorf, Daniel R]

See

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/O
perations/3872f0d7-e4b3-49ed-9a4b-1fefbf0d4547.mspx

http://support.microsoft.com/?kbid=832572

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Bill Smith
Sent: Thursday, August 25, 2005 8:35 AM
To: kerberos at mit.edu
Subject: Problems trying to authenticate Unix users via Active Directory

We have a Solaris 9 box configured to authenticate users via AD.
Everything 
used to work fine but recently, AD authentication has failed for some
users 
but still works for others.  As part of the troubleshooting process,
tried 
running the kinit command for a user having problems and get the
following 
error

kinit: KRB5 error code 52 while getting initial credentials

>From what I've found, it seems to be an issue with the user being in
too 
many AD groups, the Windows KDC wanting to use TCP rather than UDP, and
the 
MIT version not supporting it.  What I'm not certain on is whether is
the 
version shipped with Solaris 9 is MIT-based or something proprietary to 
Solaris.  I've found some mention of setting a registry key on the
Windows 
Domain controllers but have not been able to find anything specific.  I
also 
believe this issue cropped up after we began upgrading some of the
domain 
controllers to Windows 2003.

At this point, we're still having the problem with no resolution.  Has 
anyone else encountered this issue?  If so, is there a patch from SUN to

address it or did you have to do something else?  Would appreciate any 
insight into this problem

Thanks,

Bill 


________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos