E-mail concerns to - KDC reply did not match expectations / plamping at lake.ollusa.edu

[Drapaniotis, Vangelis (MA)]

Hallo Paul

I've read up your E-mail concerning  " Kerberos error - KDC reply did not match expectations"  dated on Fri Oct 30 2009.

I've got into difficulty after configuring KRB5 on an AIX 5.3 Lpar to access the KDC on a remote WIn2003 Rel. 2 ADS.
For this constellation, I've added same entries as you've done in the methofs.cfg

KRB5A:
        program = /usr/lib/security/KRB5A
        program_64 = /usr/lib/security/KRB5A_64
        options = authonly,tgt_verify=no,kadmind=no,is_kadmind_compat=no
KRB5:
        program = /usr/lib/security/KRB5
        options = authonly

I can so far obtain Tickets, after me authorised with kinit from Service principal KDC on the Active Directory Server.

The following User entries have been added on to the system after I called "mkuser registry=KRB5Afiles SYSTEM=KRB5Afiles UserXXX".

UserXXX:
        admin = false
        registry = KRB5Afiles
        SYSTEM = "KRB5Afiles"

The /usr/lib/security KRB5 and KRN5_64 modules are O.K, but still the access (telnet) on the IBM KRB Client using ADS user is denied
by 3004-619 Security method "KRB5Afiles" could not be loaded.

Have you an idea how to sort out the problem.
I' would be deeply grateful to you in case you could send me some tips about it.

Best regards
Vangelis

E-Mail:

Vangelis.Drapaniotis at tntinnight.de<mailto:Vangelis.Drapaniotis at tntinnight.de>