Problems with authenticating to a Win domain controller
radaczynski@gmail.com
radaczynski at gmail.com
Wed May 28 02:58:25 EDT 2008
Hi,
I've recently encountered a strange error when trying to get a ticket
from a W2k domain controller. My setup is like this:
1. krb5.conf:
[libdefaults]
default_realm = DOMAIN1.COM
forwardable = true
proxiable = true
dns_lookup_realm = false
dsn_lookup_kdc = false
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[realms]
DOMAIN1.COM = {
kdc = aaa.domain1.com:88
}
[domain_realm]
.domain1.com = DOMAIN1.COM
domain1.com = DOMAIN1.COM
.domain2.com = DOMAIN2.COM
domain2.com = DOMAIN2.COM
[appdefaults]
pam = {
debug=false
forwardable=true
krb4_convert=false
}
DOMAIN2 is a trusted domain of DOMAIN1
now, when i do this:
kinit myuser at DOMAIN2.COM
Password for myuser at DOMAIN2.COM:
and i get a TGT: renew until 05/29/08 08:55:12, Etype (skey, tkt):
ArcFour with HMAC/md5, ArcFour with HMAC/md5, the principal is: krbtgt/
DOMAIN2.COM at DOMAIN2.COM
then I try:
kvno HTTP/test.domain1.com at DOMAIN1.COM
and get:
Server not found in Kerberos database while getting credentials
when I ty:
kvno HTTP/test.domain1.com at DOMAIN2.COM
I get:
KDC reply did not match expectations while getting credentials
Any help would be greatly appreciated.
More information about the Kerberos
mailing list