Problems trying to authenticate Unix users via Active Directory

Douglas E. Engert deengert at anl.gov
Mon Aug 29 15:20:00 EDT 2005



Smith, William E. (Bill), Jr. wrote:

> I did notice that things seem to work properly in Solaris 10 and figured
> it must include TCP support. Modifying the user account property to not
> require kerberos pre-authentication has worked but that has some
> implications of its own.

The Solaris 10 should support the pre-auth. It works for us. Why did
you think you had to turn it off?

With Solaris 5, 6, 7, 8, 9 we use/used the MIT kerberos.


  I will investigate some of the other
> suggestions though
> 
> Bill
> 
> -----Original Message-----
> From: Wyllys Ingersoll [mailto:wyllys.ingersoll at sun.com] 
> Sent: Monday, August 29, 2005 10:10 AM
> To: Smith, William E. (Bill), Jr.
> Cc: kerberos at mit.edu
> Subject: Re: Problems trying to authenticate Unix users via Active
> Directory
> 
> Bill Smith wrote:
> 
> 
>>>From what I've found, it seems to be an issue with the user being in 
>>
>>>too
>>
>>many AD groups, the Windows KDC wanting to use TCP rather than UDP, and
> 
> 
>>the MIT version not supporting it.  What I'm not certain on is whether 
>>is the version shipped with Solaris 9 is MIT-based or something 
>>proprietary to Solaris.  I've found some mention of setting a registry 
>>key on the Windows ]
>> 
>>
> 
> 
> The SEAM packages in Solaris are based on MIT, though they are not
> identical, there are
> some minor differences.    Solaris 9 SEAM does not have TCP support, 
> which is needed
> to work with Windows 2003 server.   There are workarounds, as others 
> have pointed out.
> 
> 
>>At this point, we're still having the problem with no resolution.  Has 
>>anyone else encountered this issue?  If so, is there a patch from SUN 
>>to address it or did you have to do something else?  Would appreciate 
>>any insight into this problem
>> 
>>
> 
> 
> I'm not sure if we have a patch for Solaris 9, but I do know that
> Solaris 10 has TCP support and does not suffer the same problems as the
> Solaris 8 and 9 versions.
> 
> -Wyllys
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


More information about the Kerberos mailing list