Problems trying to authenticate Unix users via Active Directory
Douglas E. Engert
deengert at anl.gov
Mon Aug 29 15:20:00 EDT 2005
Smith, William E. (Bill), Jr. wrote:
> I did notice that things seem to work properly in Solaris 10 and figured
> it must include TCP support. Modifying the user account property to not
> require kerberos pre-authentication has worked but that has some
> implications of its own.
The Solaris 10 should support the pre-auth. It works for us. Why did
you think you had to turn it off?
With Solaris 5, 6, 7, 8, 9 we use/used the MIT kerberos.
I will investigate some of the other
> suggestions though
>
> Bill
>
> -----Original Message-----
> From: Wyllys Ingersoll [mailto:wyllys.ingersoll at sun.com]
> Sent: Monday, August 29, 2005 10:10 AM
> To: Smith, William E. (Bill), Jr.
> Cc: kerberos at mit.edu
> Subject: Re: Problems trying to authenticate Unix users via Active
> Directory
>
> Bill Smith wrote:
>
>
>>>From what I've found, it seems to be an issue with the user being in
>>
>>>too
>>
>>many AD groups, the Windows KDC wanting to use TCP rather than UDP, and
>
>
>>the MIT version not supporting it. What I'm not certain on is whether
>>is the version shipped with Solaris 9 is MIT-based or something
>>proprietary to Solaris. I've found some mention of setting a registry
>>key on the Windows ]
>>
>>
>
>
> The SEAM packages in Solaris are based on MIT, though they are not
> identical, there are
> some minor differences. Solaris 9 SEAM does not have TCP support,
> which is needed
> to work with Windows 2003 server. There are workarounds, as others
> have pointed out.
>
>
>>At this point, we're still having the problem with no resolution. Has
>>anyone else encountered this issue? If so, is there a patch from SUN
>>to address it or did you have to do something else? Would appreciate
>>any insight into this problem
>>
>>
>
>
> I'm not sure if we have a patch for Solaris 9, but I do know that
> Solaris 10 has TCP support and does not suffer the same problems as the
> Solaris 8 and 9 versions.
>
> -Wyllys
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list