Windows Xp authentication to MIT KDC
Chaskiel M Grundman
cg2v at andrew.cmu.edu
Fri May 26 21:09:58 EDT 2006
--On Friday, May 26, 2006 04:39:28 PM -0700 Quanah Gibson-Mount
<quanah at stanford.edu> wrote:
> I think this is related to a lack of SRV records for our KDC, because
> when I go into the properties for "My Computer" and tell it to join the
> "stanford.edu" domain, I get:
> Are SRV records an absolute
> requirement with windows?
srv records are an absolute requirement for windows domains. external realm
authentication (like you set up with ksetup) does not require them.
Did you set a machine account password? is it correct? does the name of the
relevant host principal exactly match <NETBIOSNAME>.stanford.edu? It is
possible that configuring the 'primary dns suffix' (hit the 'more' button
in the dialog that allows you to join a domain) will allow you to use a
more arbitrary principal name. I have never tried, and the documentation
does not say anything about it.
More information about the Kerberos
mailing list