Bizzare problem with authenticating a service principal with AD
Jason Testart
jatestart at cs.uwaterloo.ca
Mon Mar 12 13:55:56 EDT 2007
Tom Yu said the following on 3/12/2007 12:29 PM:
>
> In one case I encountered, I think the reason was that AD was using
> the NetBIOS name for the server instead of its FQDN to create the
> "principal name" for the salt. Does the server in question have a
> hostname which is longer than 14 or 15 (I can't remember the exact
> number) characters?
I just watched the traffic, and I'm getting a pre-auth required followed
by a pre-auth failed. In both cases, the salt appears to be the name of
the AD account that the service principal is mapped to. Is this my
problem? How does one fix this?
More information about the Kerberos
mailing list