Win 2003 Server cross-realm authentication

jeff.quinn@gmail.com jeff.quinn at gmail.com
Mon Apr 17 13:55:27 EDT 2006


I've set up a Windows 2003 AD, a two-way transitive trust with an MIT
Kerberos server, run ksetup to add the realm of the kerb5 server, and
have created accounts on both the Kerberos server and in the Active
Directory that allow me to successfully log in individually.  I have
set the Active Directory server up as a terminal server, and can
remotely connect successfully using an account in the AD.  I've mapped
usernames in the Kerberos database to users in the AD.  When I attempt
to log in to the terminal server using one of the mapped user accounts
from the Kerberos server, I get the following error:
KDC_ERR_S_PRINCIPAL_UNKNOWN

I also get the error without intervention about every 5 minutes.

I've gone through Microsoft's techbase article and troubleshooting
guide for Kerberos errors.
- No new computer account has been created.
- UDP fragmentation is not occurring from what I can tell.

I'm not sure if the service is registered and has an SPN set - and am
not quite sure how to go about verifying.  The username krbtgt exists
and nothing seems to be wrong with it.

Could someone please offer some advice?  If at all possible, not by
referring me to a Microsoft techbase article - I've been looking at
those for a week, and they either aren't helpful or aren't clear on
what the appropriate steps are.



