Windows 2003 AD
Christoph Ohliger
ohliger at fh-rosenheim.de
Wed Jan 31 07:04:17 EST 2007
Hi,
hope anybody can give me some hints ... I want to implement a SSO
feature between Novell NDS and Windows AD with Kerberos.
Using the MIT KDC V1.6 i am able to implement the Novell principal/login
but have problems with Windows AD. Same cross-realm configuration and
same AD works with a Heimdal KDC ,-) In any configuration i get the
following log entry in MIT KDC when trying to map a drive on Windows
server (KDC.DE is the realm for MIT and WIN.KDC.DE for Windows, i also
tried complete different realms).
Jan 31 10:41:55 kdc krb5kdc[7881](info): TGS_REQ (7 etypes {23 -133 -128
3 1 24 -135}) 141.60.131.32: UNKNOWN_SERVER: authtime 1170236388,
cris at KDC.DE for cifs/vmps.win.kdc.de at KDC.DE, Server not found in
Kerberos database
I have checked following points:
- the workstation is configured for the KDC.DE realm and can login to MIT
- the krbtgt for cross-realm has only encryption type des-cbc-crc, i
also tried with des-cbc-crc and rc4-hmac
- i tried to use fixed realm configuration in krb5.conf and DNS one
- t_walk_rtree shows no failure
- the user in AD is marked not to use Pre Authentication
- the Cross-Realm in AD is implemented transitive and bi-directional
Regards
Christoph Ohliger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4765 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20070131/51b7c95d/attachment.bin
More information about the Kerberos
mailing list