Problem
Frédéric FRAYSSE
ffraysse at eurilogic.fr
Thu Apr 12 11:22:42 EDT 2007
I have a machine with WIN 2003 server and i have installed an Active Directory service and the domain is MICA.
I added the user testkerberos to the active directory
I have another machine with windows XP in the domain of the euri
I put in the directory C:\WINDOWS\krb5.ini this:
[libdefaults]
default_realm = MICA.FR
dns_lookup_kdc = true
dns_lookup_realm = false
[realms]
MICA.FR = {
kdc = Win2003srv
# admin_server = Win2003srv
# default_domain = mica.fr
}
[logging]
# kdc = CONSOLE
I do a "kinit -5 testkerberos" on the win xp machine and the "klist -5" done :
Ticket cache: API:krb5cc
Default principal: testkerberos at MICA.FR
Valid starting Expires Service principal
04/12/07 17:06:59 04/13/07 03:06:59 krbtgt/MICA.FR at MICA.FR
It is OK.
On the win 2003 srv, I generate the krb5kt with the command:
ktpass.exe -out krb5kt -princ testkerberos/eu-000525.euri.fr at MICA.FR -pass testkerberos -mapuser testkerberos -crypto DES-CBC-CRC -ptype KRB5_NT_PRINCIPAL
And I put the krb5kt on the c:\windows on the windows XP.
When I run the command "gss-server testkerberos", the result is:
GSS-API error acquiring credentials: Miscellaneous failure
GSS-API error acquiring credentials: No principal in keytab matches desired name
When I run the command "gss-server testkerberos/eu-000525.euri.fr at MICA.FR", the result is:
GSS-API error importing name: An invalid name was supplied
GSS-API error importing name: Hostname cannot be canonicalized
I do the klist -k :
Keytab name: FILE:C:\\windows\\krb5kt
KVNO Principal
---- --------------------------------------------------------------------------
42 testkerberos/eu-000525.euri.fr at MICA.FR
Where is the mistake?
Please help me.
Thanks
More information about the Kerberos
mailing list