Kerberos Pre-Auth Problem
Scott Moseman
scmoseman at gmail.com
Fri Jul 21 09:50:36 EDT 2006
Security Event (Event ID 675) on an ADS...
Pre-authentication failed:
User Name: jsmith
User ID: DOMAIN\jsmith
Service Name: krbtgt/DOMAIN.COM
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 10.10.10.10

jsmith's account works fine in the domain, but from this particular
client it's not working. This client (actually a Cisco network device
using Kerberos) authenticates all of the other users ok. Only jsmith
has a problem, and only from this client.

I can enable the "Do not require pre-authentication" option under
Active Directory, and it works, but the fact that I need to do this (and
only for one person) tells me there's a problem with something else on
the network.

Reviewing RFC 1510, I think my failure code means
KDC_ERR_SERVICE_REVOKED which translates to "Credentials for server
have been revoked". But it does not make sense to me that the server
(well, the Cisco device) can still authenticate the other users just
fine.

Thanks,
Scott
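
An added example, not part of the original post: a Python sketch that parses Event ID 675 bodies like the one quoted above, reads the Failure Code field as hexadecimal, looks the value up by its decimal number in the RFC 1510 error table, and counts failures per user and client. The second event, the function names and the subset of error codes chosen are assumptions made for illustration.

```python
import re
from collections import defaultdict

# RFC 1510 error codes (listed in decimal in the RFC); subset only.
RFC1510_ERRORS = {
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    18: "KDC_ERR_CLIENT_REVOKED",
    19: "KDC_ERR_SERVICE_REVOKED",
    23: "KDC_ERR_KEY_EXPIRED",
    24: "KDC_ERR_PREAUTH_FAILED",
    25: "KDC_ERR_PREAUTH_REQUIRED",
    37: "KRB_AP_ERR_SKEW",
}

# Event body as quoted in the post.
PAGE_EVENT = r"""Pre-authentication failed:
User Name: jsmith
User ID: DOMAIN\jsmith
Service Name: krbtgt/DOMAIN.COM
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 10.10.10.10"""

# Constructed sample (not from the post): a different user and client.
CONSTRUCTED_EVENT = PAGE_EVENT.replace("jsmith", "adoe") \
    .replace("0x19", "0x18").replace("10.10.10.10", "10.10.10.20")

FIELD = re.compile(r"^\s*([A-Za-z -]+?):\s*(.+?)\s*$")

def parse_event(text):
    """Turn the 'Name: value' lines of one event body into a dict."""
    return {m.group(1): m.group(2)
            for m in map(FIELD.match, text.splitlines()) if m}

def decode_failure(code):
    """The event prints the code with a 0x prefix; the RFC table is decimal."""
    value = int(code, 16)
    return value, RFC1510_ERRORS.get(value, "UNKNOWN")

def summarize(events):
    """Count failures per (user, client address, RFC 1510 error name)."""
    counts = defaultdict(int)
    for body in events:
        f = parse_event(body)
        _, name = decode_failure(f["Failure Code"])
        counts[(f["User Name"], f["Client Address"], name)] += 1
    return dict(counts)
```

Grouping by user and client address makes a failure that is confined to one account on one device, as described in the post, stand out from a device-wide or account-wide problem.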