E-mail concerns to - KDC reply did not match expectations / plamping at lake.ollusa.edu
Drapaniotis, Vangelis (MA)
Vangelis.Drapaniotis at tntinnight.de
Mon Dec 14 11:39:05 EST 2009
Hallo Paul
I've read up your E-mail concerning " Kerberos error - KDC reply did not match expectations" dated on Fri Oct 30 2009.
I've got into difficulty after configuring KRB5 on an AIX 5.3 Lpar to access the KDC on a remote WIn2003 Rel. 2 ADS.
For this constellation, I've added same entries as you've done in the methofs.cfg
KRB5A:
program = /usr/lib/security/KRB5A
program_64 = /usr/lib/security/KRB5A_64
options = authonly,tgt_verify=no,kadmind=no,is_kadmind_compat=no
KRB5:
program = /usr/lib/security/KRB5
options = authonly
I can so far obtain Tickets, after me authorised with kinit from Service principal KDC on the Active Directory Server.
The following User entries have been added on to the system after I called "mkuser registry=KRB5Afiles SYSTEM=KRB5Afiles UserXXX".
UserXXX:
admin = false
registry = KRB5Afiles
SYSTEM = "KRB5Afiles"
The /usr/lib/security KRB5 and KRN5_64 modules are O.K, but still the access (telnet) on the IBM KRB Client using ADS user is denied
by 3004-619 Security method "KRB5Afiles" could not be loaded.
Have you an idea how to sort out the problem.
I' would be deeply grateful to you in case you could send me some tips about it.
Best regards
Vangelis
E-Mail:
Vangelis.Drapaniotis at tntinnight.de<mailto:Vangelis.Drapaniotis at tntinnight.de>
More information about the Kerberos
mailing list