Anybody knew answers to this question(Window XP and MIT Kerberos)?
Xiaoxia Dong
x-dong at northwestern.edu
Thu Feb 2 12:47:23 EST 2006
I found the following thread through web and can not find answers to this.
I have exactly
the same problem. Can Anybody point me to the right direction or know
answers to this?
Thanks in advance.
Rodolfo Broco Manin
<mailto:kerberos%40mit.edu?Subject=Windows%20XP%20and%20Kerberos%20auth%20&In-Reply-To=>rmanin
at ime.unicamp.br
Mon Jun 14 13:57:06 EDT 2004
* Previous message:
<http://mailman.mit.edu/pipermail/kerberos/2004-June/005659.html>suddenly
can't logon a kerberorised remote host.
* Next message:
<http://mailman.mit.edu/pipermail/kerberos/2004-June/005673.html>Windows XP
and Kerberos auth
* Messages sorted by:
<http://mailman.mit.edu/pipermail/kerberos/2004-June/date.html#5658>[ date
] <http://mailman.mit.edu/pipermail/kerberos/2004-June/thread.html#5658>[
thread ]
<http://mailman.mit.edu/pipermail/kerberos/2004-June/subject.html#5658>[
subject ]
<http://mailman.mit.edu/pipermail/kerberos/2004-June/author.html#5658>[
author ]
----------
Hi, all!
I'm configuring a Windows XP Professional workstarion to log on using MIT
Kerberos authentication. So, I used the Windows 2000 "ksetup.exe" tool to
configure the client's registry and created a local account with the same
name of my test principal.
The "host/xxx" and the user's principals exists at KDC - booth with
"des-cbc-crc:normal" encryption type (i also tryed the default one early).
Problem is: I still having the "Username or password incorrect bla bla
bla..." error at login.
Apparently, the Windows box is getting a ticket. When I type the correct
password, my KDC logs:
----------------------------
Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): AS_REQ (7 etypes
{23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
etypes {rep=3 tkt=23 ses=23},
<https://mailman.mit.edu/mailman/listinfo/kerberos>guest at IME.UNICAMP.BR for
krbtgt/<https://mailman.mit.edu/mailman/listinfo/kerberos>IME.UNICAMP.BR at
IME.UNICAMP.BR
Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): AS_REQ (7 etypes
{23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
etypes {rep=3 tkt=23 ses=23},
<https://mailman.mit.edu/mailman/listinfo/kerberos>guest at IME.UNICAMP.BR for
krbtgt/<https://mailman.mit.edu/mailman/listinfo/kerberos>IME.UNICAMP.BR at
IME.UNICAMP.BR
Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): TGS_REQ (7 etypes
{23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
etypes {rep=23 tkt=1 ses=1},
<https://mailman.mit.edu/mailman/listinfo/kerberos>guest at IME.UNICAMP.BR for
host/<https://mailman.mit.edu/mailman/listinfo/kerberos>damasco.ime.unicamp.br
at IME.UNICAMP.BR
Jun 14 12:37:18 lvs.ime.unicamp.br krb5kdc[4366](info): TGS_REQ (7 etypes
{23 -133 -128 3 1 24 -135}) 143.106.77.85: ISSUE: authtime 1087227438,
etypes {rep=23 tkt=1 ses=1},
<https://mailman.mit.edu/mailman/listinfo/kerberos>guest at IME.UNICAMP.BR for
host/<https://mailman.mit.edu/mailman/listinfo/kerberos>damasco.ime.unicamp.br
at IME.UNICAMP.BR
----------------------------
(if the password is incorrect, the "TGS_REQ" messages don't shows up)
The output of "ksetup" at this windows box looks like:
----------------------------
default realm = IME.UNICAMP.BR (external)
IME.UNICAMP.BR:
kdc = lvs.ime.unicamp.br
Mapping all users (*) to a local account by the same name (*).
----------------------------
Using a specific mapping
("<https://mailman.mit.edu/mailman/listinfo/kerberos>guest at
IME.UNICAMP.BR" => "guest") results the
same error.
My Linux and Solaris clients logs on this user with no problems at all,
and I can get a ticket issuing "kinit" (from KfW) for this user.
There are some posts about a windows registry's "debug level setting" key
for kerberos ([...]/Lsa/Kerberos/Parameters/LogLevel = 1), but I think it
doesn't work on Windows XP (not at mine).
Some idea??
Tnks in advice!!
[]s!
Rodolfo
----------
* Previous message:
<http://mailman.mit.edu/pipermail/kerberos/2004-June/005659.html>suddenly
can't logon a kerberorised remote host.
More information about the Kerberos
mailing list