Problem

Frédéric FRAYSSE ffraysse at eurilogic.fr
Thu Apr 12 11:22:42 EDT 2007


I have a machine with WIN 2003 server and i have installed an Active Directory service and the domain is MICA.

I added the user testkerberos to the active directory

 

I have another machine with windows XP in the domain of the euri

 

 

I put in the directory C:\WINDOWS\krb5.ini this:

 

[libdefaults]

            default_realm = MICA.FR

            dns_lookup_kdc = true

            dns_lookup_realm = false

 

[realms]

                        MICA.FR = {

                                               kdc = Win2003srv

#                                             admin_server = Win2003srv

#                                             default_domain = mica.fr

                        }

                        

                        

[logging]

#          kdc = CONSOLE

 

 

I do a "kinit  -5 testkerberos" on the win xp machine and the "klist -5" done :

Ticket cache: API:krb5cc

Default principal: testkerberos at MICA.FR

 

Valid starting     Expires            Service principal

04/12/07 17:06:59  04/13/07 03:06:59  krbtgt/MICA.FR at MICA.FR

 

It is OK.

 

On the win 2003 srv, I generate the krb5kt with the command: 

ktpass.exe -out krb5kt -princ testkerberos/eu-000525.euri.fr at MICA.FR -pass testkerberos -mapuser testkerberos -crypto DES-CBC-CRC -ptype KRB5_NT_PRINCIPAL

 

And I put the krb5kt on the c:\windows on the windows XP.

 

 

When I run the command "gss-server testkerberos", the result is:

GSS-API error acquiring credentials: Miscellaneous failure

GSS-API error acquiring credentials: No principal in keytab matches desired name

 

 

When I run the command "gss-server testkerberos/eu-000525.euri.fr at MICA.FR", the result is:

GSS-API error importing name: An invalid name was supplied

GSS-API error importing name: Hostname cannot be canonicalized

 

 

I do the klist -k :

Keytab name: FILE:C:\\windows\\krb5kt

KVNO Principal

---- --------------------------------------------------------------------------

  42 testkerberos/eu-000525.euri.fr at MICA.FR

 

 

Where is the mistake?

 

 

Please help me.

Thanks




More information about the Kerberos mailing list