Windows login failing, with no errors?
Tom Medhurst
tom.medhurst at googlemail.com
Fri Apr 2 15:13:33 EDT 2010
Hi Guys,
I'm trying to get 2 Windows Clients (1x Windows XP Pro SP3, 1x Windows
7 Enterprise) configured so they logon via Kerberos 5-1.8 (Arch Linux
Server, Kerberos 5 build from source), and I'm soooo close I can smell
it! but...
When I login I get the error message:
"The username or password is incorrect" on the Windows client.
The log file krb5kdc.log shows the following for each attempt:
"dc1 krb5kdc[5372](info): AS_REQ (6 etypes {18 17 23 24 - 135 3})
10.0.0.3: ISSUE: authtime 1270166763, etypes {rep=23 tkt=16 ses=23},
tom at TNET.LOC for krbtgt/TNET.LOC at TNET.LOC
dc1 krb5kdc[5372](info): TGS_REQ (5 etypes {18 17 23 24 - 135})
10.0.0.3: ISSUE: authtime 1270166763, etypes {rep=23 tkt16 ses23},
tom at TNET.LOC for host/wdesk3.tnet.loc at TNET.LOC"
Is there an error hidden somewhere in this krb5kdc.log output? Or
should I be looking elsewhere?
I have done the following:
Synced the time with a ntp server (on the same box) using w32tm /config ...
Added this machine to the list of hosts (via /usr/local/sbin/kadmin.local):
kadmin.local> ank -e rc4-hmac:normal -policy host/wdesk3.tnet.loc
kadmin.local> ktadd -k /usr/local/var/krb5kdc/kadm5.keytab
Added the Windows machine to the realm, added the kdc server, and
mapped the users:
> ksetup /addkdc TNET.LOC dc1.tnet.loc
> ksetup /addkpasswd TNET.LOC dc1.tnet.loc
> ksetup /setrealm TNET.LOC
REBOOT WINDOWS
> ksetup /mapuser * *
I know that the Windows box is trying as everytime I attempt to login
I get the same messages in the server's krb5kdc.log file.
Can anybody help me figure out what I've missed?
Many Thanks,
Tom
More information about the Kerberos
mailing list