Problems with authenticating to a Win domain controller
radaczynski@gmail.com
radaczynski at gmail.com
Wed May 28 03:00:59 EDT 2008
On 28 May, 08:58, radaczyn... at gmail.com wrote:
> Hi,
>
> I've recently encountered a strange error when trying to get a ticket
> from a W2k domain controller. My setup is like this:
>
> 1. krb5.conf:
> [libdefaults]
> default_realm = DOMAIN1.COM
> forwardable = true
> proxiable = true
> dns_lookup_realm = false
> dsn_lookup_kdc = false
> v4_instance_resolve = false
> v4_name_convert = {
> host = {
> rcmd = host
> ftp = ftp
> }
> plain = {
> something = something-else
> }
> }
>
> [realms]
> DOMAIN1.COM = {
> kdc = aaa.domain1.com:88
> }
>
> [domain_realm]
> .domain1.com = DOMAIN1.COM
> domain1.com = DOMAIN1.COM
> .domain2.com = DOMAIN2.COM
> domain2.com = DOMAIN2.COM
>
> [appdefaults]
> pam = {
> debug=false
> forwardable=true
> krb4_convert=false
> }
>
> DOMAIN2 is a trusted domain of DOMAIN1
>
> Now, when I do this:
> kinit myu... at DOMAIN2.COM
> Password for myu... at DOMAIN2.COM:
>
> and I get a TGT: renew until 05/29/08 08:55:12, Etype (skey, tkt):
> ArcFour with HMAC/md5, ArcFour with HMAC/md5, the principal is: krbtgt/
> DOMAIN2.... at DOMAIN2.COM
>
> then I try:
> kvno HTTP/test.domain1.... at DOMAIN1.COM
> and get:
> Server not found in Kerberos database while getting credentials
>
> When I try:
> kvno HTTP/test.domain1.... at DOMAIN2.COM
> I get:
> KDC reply did not match expectations while getting credentials
>
> Any help would be greatly appreciated.
It seems that there is a similar thread (or rather a question) here:
http://article.gmane.org/gmane.comp.encryption.kerberos.heimdal.general/2869
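
A consistency check for a krb5.conf of the shape quoted above, added here as an example and not part of the original post. The function names are hypothetical, the list of known option names is a deliberately short subset, and the sample is constructed from the quoted configuration. It flags option names that are near-misses of known ones and realms that are mapped in [domain_realm] but have no [realms] stanza.

```python
import difflib

# Constructed sample: the relevant parts of the configuration quoted above.
SAMPLE = """\
[libdefaults]
default_realm = DOMAIN1.COM
dns_lookup_realm = false
dsn_lookup_kdc = false
[realms]
DOMAIN1.COM = {
kdc = aaa.domain1.com:88
}
[domain_realm]
.domain1.com = DOMAIN1.COM
.domain2.com = DOMAIN2.COM
"""

# Assumption: a short subset of [libdefaults] option names, not the full list.
KNOWN_LIBDEFAULTS = ["default_realm", "dns_lookup_realm", "dns_lookup_kdc",
                     "forwardable", "proxiable"]

def parse(text):
    """Parse [sections], 'key = value' and 'key = { ... }' into nested dicts."""
    root, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            stack = [root.setdefault(line[1:-1], {})]
        elif line == "}":
            if len(stack) > 1:
                stack.pop()
        elif "=" in line and stack:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1][key] = value
    return root

def lint(conf):
    """Return (kind, name, suggestion) findings for the two checks."""
    findings, lib = [], conf.get("libdefaults", {})
    for key in lib:
        if key not in KNOWN_LIBDEFAULTS:
            near = difflib.get_close_matches(key, KNOWN_LIBDEFAULTS, n=1, cutoff=0.85)
            if near:
                findings.append(("possible-typo", key, near[0]))
    used = set(conf.get("domain_realm", {}).values()) | {lib.get("default_realm")}
    for realm in sorted(used - set(conf.get("realms", {})) - {None}):
        findings.append(("realm-without-stanza", realm, None))
    return findings
```
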