Windows Xp authentication to MIT KDC
Quanah Gibson-Mount
quanah at stanford.edu
Sun May 28 00:33:38 EDT 2006
Following up on two replies:
Chaskiel M Grundman cg2v at andrew.cmu.edu said:
> Did you set a machine account password? is it correct? does the name of
the
> relevant host principal exactly match <NETBIOSNAME>.stanford.edu? It is
> possible that configuring the 'primary dns suffix' (hit the 'more' button
> in the dialog that allows you to join a domain) will allow you to use a
> more arbitrary principal name. I have never tried, and the documentation
> does not say anything about it.
Yes, I set a machine account password. Since I was cut and pasting from
what I put into the KDC for my system, I assume it is correct, particularly
since the KDC logs show my system binding and getting a tgt. The relevant
host principal exactly matches the DNS name of my host, which is what it
uses when contacting the KDC. The primary DNS suffix is "stanford.edu",
and the NetBIOS computer name is:
SW-90-717-287-3
which is what it should be.
Richard E. Silverman res at qoxp.net said:
> All your realm names are lower case. Is that really correct? It's very
> unusual.
Yes, our realm is lower case (from a unix host):
tribes:~> klist
Ticket cache: FILE:/tmp/krb5cc_54046_WTO254
Default principal: quanah at stanford.edu
and yes, we know it is odd. ;)
> This means that on some level, the client still thinks this realm is a
> Windows domain, as opposed to an external realm. It's trying to find a
> domain controller.
Oh, I see. I was getting the error about SRV records when I was trying to
tell the system to join a domain (rather than using the workgroup
"STANFORD.EDU"). So doing that is not what I want, so the SRV errors were
correct and not the problem. Sigh....
So... Is there any debugging on the windows side of things I can turn up to
get an idea of why the logins are failing when I specify to use
"stanford.edu" at login time?
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
More information about the Kerberos
mailing list