Problems with authenticating to a Win domain controller

radaczynski@gmail.com radaczynski at gmail.com
Wed May 28 02:58:25 EDT 2008


Hi,

I've recently encountered a strange error when trying to get a ticket
from a W2k domain controller. My setup is like this:

1. krb5.conf:
[libdefaults]
        default_realm = DOMAIN1.COM
        forwardable = true
        proxiable = true
        dns_lookup_realm = false
        dsn_lookup_kdc = false
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                }
                plain = {
                        something = something-else
                }
        }

[realms]
        DOMAIN1.COM = {
                kdc = aaa.domain1.com:88
        }

[domain_realm]
        .domain1.com = DOMAIN1.COM
        domain1.com = DOMAIN1.COM
        .domain2.com = DOMAIN2.COM
        domain2.com = DOMAIN2.COM


[appdefaults]
        pam = {
            debug=false
            forwardable=true
            krb4_convert=false
        }

DOMAIN2 is a trusted domain of DOMAIN1.

Now, when I do this:
kinit myuser@DOMAIN2.COM
Password for myuser@DOMAIN2.COM:

and I get a TGT:  renew until 05/29/08 08:55:12, Etype (skey, tkt):
ArcFour with HMAC/md5, ArcFour with HMAC/md5, the principal is:
krbtgt/DOMAIN2.COM@DOMAIN2.COM

Then I try:
kvno HTTP/test.domain1.com@DOMAIN1.COM
and get:
Server not found in Kerberos database while getting credentials

When I try:
kvno HTTP/test.domain1.com@DOMAIN2.COM
I get:
KDC reply did not match expectations while getting credentials

Any help would be greatly appreciated.
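
A consistency check that can be run over a krb5.conf like the one posted above, added here as an example (it is not part of the original message or of any Kerberos distribution). The function names, the KNOWN subset of option names and the wording of the findings are assumptions of this example; it reports [libdefaults] keys it does not recognise and realms that [domain_realm] maps to without a matching [realms] stanza.

```python
import difflib
import re

# Assumption: a non-exhaustive subset of real [libdefaults] option names.
KNOWN = {"default_realm", "forwardable", "proxiable", "dns_lookup_realm",
         "dns_lookup_kdc", "v4_instance_resolve", "v4_name_convert",
         "ticket_lifetime", "renew_lifetime", "clockskew"}
# Trimmed copy of the krb5.conf posted above.
SAMPLE = """
[libdefaults]
        dsn_lookup_kdc = false
[realms]
        DOMAIN1.COM = {
                kdc = aaa.domain1.com:88
        }
[domain_realm]
        .domain2.com = DOMAIN2.COM
"""

def parse_krb5_conf(text):
    """Parse [sections] and nested { } stanzas into nested dicts."""
    root, stack = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        section = re.fullmatch(r"\[(\w+)\]", line)
        if section:
            stack = [root.setdefault(section.group(1), {})]
        elif line == "}" and len(stack) > 1:     # close the innermost stanza
            stack.pop()
        elif "=" in line and stack:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":                     # open a nested stanza
                stack.append(stack[-1].setdefault(key, {}))
            else:                                # plain value; keys may repeat
                stack[-1].setdefault(key, []).append(value)
    return root

def lint(conf):
    findings = []
    for key in conf.get("libdefaults", {}):      # unrecognised option names
        if key not in KNOWN:
            near = difflib.get_close_matches(key, sorted(KNOWN), n=1)
            hint = f" (did you mean {near[0]}?)" if near else ""
            findings.append(f"libdefaults: unknown key {key}{hint}")
    # Realms named as mapping targets but never defined under [realms].
    mapped = {r for vals in conf.get("domain_realm", {}).values() for r in vals}
    for realm in sorted(mapped - set(conf.get("realms", {}))):
        findings.append(f"domain_realm: {realm} has no [realms] stanza")
    return findings
```
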


