Windows 2000 SP4 Kerberos Problem
Douglas E. Engert
deengert at anl.gov
Wed Jan 25 13:52:35 EST 2006
Can you run ethereal (www.ethereal.com) and trace the KRB5 packets to
see exactly why it says it can't find m4appservice/gcxermdevas301.grupocgd.com
Fernando wrote:
> Hello
>
> I'm having problems using Kerberos to make SSO from any PC with Windows
> 2000 SP4 with a Win2003 server using a web page. I can't get the
> kerberos ticket.
> If I try to do the same operation from a WinXP SP2 or from a Windows
> 2003 I have no problems.
>
> I've confirm all the options in IE and in all the environments I have
> checked the same options.
>
> The error that I'm getting in the m4krb5log.txt file that kerberos
> generate is:
> [01/25/06 10:23:50][ERROR][While executing krb5_mk_req for
> m4appservice/gcxermdevas301.grupocgd.com] Server not found in Kerberos
> database.
>
> I've searched all over the web for a solucion for my problem but with
> no success.
> All the solucions refers to Apache and Unix.
>
> The KDC I'm accessing is in a Win2003, and I have generated my key file
> with the KTPASS for W2003 SP1.
>
> This is the log that I've get generating the key file:
> C:\>ktpass -princ m4appservice/gcxermdevas301.grupocgd.com at GRUPOCGD.COM
> -mapuser YYSSI60 at grupocgd.com
> Targeting domain controller: gcxnclidcss302.GrupoCGD.com
> Successfully mapped m4appservice/gcxermdevas301.grupocgd.com to
> YYSSI60.
>
> C:\>ktpass -princ m4appservice/gcxermdevas301.grupocgd.com at GRUPOCGD.COM
> -ptype KRB5_NT_SRV_HST -pass yyssi60 -mapuser YYSSI60 at grupocgd.com -out
> krbkt.key -mapOp set Targeting domain controller:
> gcxnclidcss302.GrupoCGD.com
> Successfully mapped m4appservice/gcxermdevas301.grupocgd.com to
> YYSSI60.
> WARNING: pType and account type do not match. This might cause
> problems.
> Key created.
> Output keytab to krbkt.key:
> Keytab version: 0x502
> keysize 88 m4appservice/gcxermdevas301.grupocgd.com at GRUPOCGD.COM ptype
> 3 (KRB5_NT_SRV_HST) vno 2 etype 0x17 (RC4-HMAC) keylength 16
> (0x4b18d01653d2921febb2cd9d11937aeb)
>
> In all Win2000 stations I've create a Environment Variable called
> KRB5_CONFIG that is pointing to a file call krb5.ini containing:
> [domain_realm]
> grupocgd.com = GRUPOCGD.COM
>
> [libdefaults]
> default_realm = GRUPOCGD.COM
> dns_lookup_kdc = false
>
> [realms]
> GRUPOCGD.COM = {
> admin_server = gcxnclidcss302.grupocgd.com
> kdc = gcxnclidcss302.grupocgd.com
> default_domain = GRUPOCGD.COM
> }
>
> Can you help me with this problem ?
> Is something with my Active Directory, with my PC W2000 configuration,
> what can I confirm ?
>
> Many Thanks to you all
> Fernando
> PS - Sorry for my english :-)
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list