Windows 2003 AD

Christoph Ohliger ohliger at fh-rosenheim.de
Wed Jan 31 07:04:17 EST 2007


Hi,

I hope somebody can give me some hints ... I want to implement an SSO 
feature between Novell NDS and Windows AD with Kerberos.

Using the MIT KDC V1.6 I am able to implement the Novell principal/login 
but have problems with Windows AD. The same cross-realm configuration and 
the same AD work with a Heimdal KDC ;-) In any configuration I get the 
following log entry in the MIT KDC when trying to map a drive on the Windows 
server (KDC.DE is the realm for MIT and WIN.KDC.DE for Windows; I also 
tried completely different realms).

Jan 31 10:41:55 kdc krb5kdc[7881](info): TGS_REQ (7 etypes {23 -133 -128 
3 1 24 -135}) 141.60.131.32: UNKNOWN_SERVER: authtime 1170236388,  
cris at KDC.DE for cifs/vmps.win.kdc.de at KDC.DE, Server not found in 
Kerberos database

I have checked the following points:

- the workstation is configured for the KDC.DE realm and can log in to MIT
- the krbtgt for cross-realm has only encryption type des-cbc-crc, I 
also tried with des-cbc-crc and rc4-hmac
- I tried to use a fixed realm configuration in krb5.conf and a DNS one
- t_walk_rtree shows no failure
- the user in AD is marked not to use pre-authentication
- the cross-realm trust in AD is implemented as transitive and bi-directional

Regards
Christoph Ohliger
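
A small triage helper for the log entry quoted in the message above, added here as an illustration and not part of the original post: it parses the krb5kdc TGS_REQ line and compares the realm the service ticket was requested in with the realm whose DNS suffix covers the service host. The function names and the realm-to-suffix map are assumptions derived from the realm names in the post; negative etype numbers are reported only as private-use values.

```python
import re

# Assigned Kerberos enctype numbers seen in the log; negative values are private/local use.
ETYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac", 24: "rc4-hmac-exp"}

TGS_REQ = re.compile(
    r"TGS_REQ \(\d+ etypes \{(?P<etypes>[-\d ]+)\}\) (?P<addr>\S+): "
    r"(?P<status>[A-Z_]+): authtime \d+, (?P<client>\S+) for (?P<server>\S+), ")

def parse_tgs_req(raw):
    """Parse one krb5kdc TGS_REQ entry, tolerating mail wrapping and ' at ' for '@'."""
    text = " ".join(raw.split()).replace(" at ", "@")
    m = TGS_REQ.search(text)
    if m is None:
        return None
    principal, _, realm = m["server"].rpartition("@")
    service, _, host = principal.partition("/")
    etypes = [int(n) for n in m["etypes"].split()]
    return {
        "status": m["status"], "client": m["client"], "addr": m["addr"],
        "service": service, "host": host.lower(), "server_realm": realm,
        "etypes": [ETYPE_NAMES.get(n, f"private-use({n})" if n < 0 else f"etype-{n}")
                   for n in etypes],
    }

def realm_for_host(host, realm_suffixes):
    """Return the realm whose DNS suffix is the longest match for host, else None."""
    hits = [r for r, s in realm_suffixes.items() if host == s or host.endswith("." + s)]
    return max(hits, key=lambda r: len(realm_suffixes[r]), default=None)

def triage(raw, realm_suffixes):
    """Add host_realm and realm_mismatch to the parsed entry (None if not a TGS_REQ)."""
    req = parse_tgs_req(raw)
    if req is None:
        return None
    req["host_realm"] = realm_for_host(req["host"], realm_suffixes)
    # True when the ticket was requested in a realm other than the one covering the host.
    req["realm_mismatch"] = req["host_realm"] not in (None, req["server_realm"])
    return req

# Log entry as it appears in the post (wrapped by the mailer, '@' archived as ' at ').
SAMPLE = """Jan 31 10:41:55 kdc krb5kdc[7881](info): TGS_REQ (7 etypes {23 -133 -128
3 1 24 -135}) 141.60.131.32: UNKNOWN_SERVER: authtime 1170236388,
cris at KDC.DE for cifs/vmps.win.kdc.de at KDC.DE, Server not found in
Kerberos database"""

# Assumed realm-to-DNS-suffix layout, taken from the realm names in the post.
REALMS = {"KDC.DE": "kdc.de", "WIN.KDC.DE": "win.kdc.de"}
```

Calling `triage(SAMPLE, REALMS)` shows the request naming `cifs/vmps.win.kdc.de` in realm KDC.DE while the host falls under the suffix assumed for WIN.KDC.DE.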
