Problems trying to authenticate Unix users via Active Directory
Smith, William E. (Bill), Jr.
Bill.Smith at jhuapl.edu
Mon Aug 29 10:14:28 EDT 2005
I did notice that things seem to work properly in Solaris 10 and figured
it must include TCP support. Modifying the user account property to not
require kerberos pre-authentication has worked but that has some
implications of its own. I will investigate some of the other
suggestions though
Bill
-----Original Message-----
From: Wyllys Ingersoll [mailto:wyllys.ingersoll at sun.com]
Sent: Monday, August 29, 2005 10:10 AM
To: Smith, William E. (Bill), Jr.
Cc: kerberos at mit.edu
Subject: Re: Problems trying to authenticate Unix users via Active
Directory
Bill Smith wrote:
>>From what I've found, it seems to be an issue with the user being in
>>too
>many AD groups, the Windows KDC wanting to use TCP rather than UDP, and
>the MIT version not supporting it. What I'm not certain on is whether
>is the version shipped with Solaris 9 is MIT-based or something
>proprietary to Solaris. I've found some mention of setting a registry
>key on the Windows ]
>
>
The SEAM packages in Solaris are based on MIT, though they are not
identical, there are
some minor differences. Solaris 9 SEAM does not have TCP support,
which is needed
to work with Windows 2003 server. There are workarounds, as others
have pointed out.
>
>At this point, we're still having the problem with no resolution. Has
>anyone else encountered this issue? If so, is there a patch from SUN
>to address it or did you have to do something else? Would appreciate
>any insight into this problem
>
>
I'm not sure if we have a patch for Solaris 9, but I do know that
Solaris 10 has TCP support and does not suffer the same problems as the
Solaris 8 and 9 versions.
-Wyllys
More information about the Kerberos
mailing list