Cross realm between AD and MIT

Robert Wehn robert.wehn at rz.uni-augsburg.de
Wed Aug 24 09:25:36 EDT 2011


Hi JM

Might be a DNS error.
The client (user) has to guess the realm for the service and often uses
DNS (for example TXT records) or some registry entry (HostToRealm) to
determine the KRB REALM for the service (in this case the local login).

Try to wireshark what DNS requests a Win XP machine makes when you try to
log in using cross-realm trust.
Do the same on the Windows 7 machine.

When testing cross-realm trust several months ago I had the impression
MS changed something there, but I didn't really finish this.
Actually it doesn't read out TXT records, which worked fine for WinXP.

If you find out something, please tell me.

Robert.

On 24.08.2011 14:06, jm130794 wrote:
> I used wireshark to find why my connection fails. It seems that AD returns
> the error KDC_ERR_WRONG_REALM. It's weird that I can connect to the server and
> not on the client!
>
> Regards,
>
>
> JM
>
> 2011/8/24 jm130794 <jm130794 at gmail.com>
>
>> Hello
>>
>> I installed a cross realm between my MIT and an AD. I can open a session on
>> my AD server with a principal defined in my MIT Kerberos (eg user1).
>>
>> I added a Windows Seven to my Microsoft Domain. I can open a session on
>> this station with the Domain Administrator Domain without problem.
>>
>> When I try to open a session with user1 (MIT principal), that doesn't
>> work...
>>
>> Any idea?
>>
>> Thanks,
>>
>> JM
>>
>>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 

Dr. Robert Wehn ........................ http://www.rz.uni-augsburg.de
Universität Augsburg, Rechenzentrum ............. Tel. (0821) 598-2047
86135 Augsburg .................................. Fax. (0821) 598-2028
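
The capture comparison suggested in the reply above can be scripted. This is an added example, not part of the original messages: it lists the `_kerberos` TXT names a client would be expected to query for a host and reports which clients in a DNS capture export never asked for them. The host name, addresses, capture lines and the tab-separated export format are all constructed, and the TXT search order (host first, then each parent domain) is an assumption.

```python
# Added example: constructed data, not taken from the mailing-list thread.
TXT, SRV = 16, 33  # DNS query type numbers for TXT and SRV records

def txt_candidates(hostname):
    """TXT names to expect, most specific first (assumed search order:
    _kerberos.<host>, then _kerberos.<each parent domain>)."""
    labels = hostname.rstrip(".").lower().split(".")
    return ["_kerberos." + ".".join(labels[i:]) for i in range(len(labels))]

def realm_lookups(capture_lines, hostname):
    """Group realm-discovery queries by client address.
    Each line is 'source<TAB>numeric query type<TAB>query name'."""
    wanted = set(txt_candidates(hostname))
    seen = {}
    for line in capture_lines:
        if not line.strip():
            continue
        src, qtype, qname = line.split("\t")
        qname = qname.strip().rstrip(".").lower()
        entry = seen.setdefault(src, {"txt": [], "srv": []})
        if int(qtype) == TXT and qname in wanted:
            entry["txt"].append(qname)
        elif int(qtype) == SRV and qname.startswith("_kerberos."):
            entry["srv"].append(qname)
    return seen

def clients_without_txt(capture_lines, hostname):
    """Clients that sent DNS queries but no _kerberos TXT lookup for the host."""
    lookups = realm_lookups(capture_lines, hostname)
    return sorted(src for src, e in lookups.items() if not e["txt"])

# Constructed capture export: 10.0.0.11 and 10.0.0.12 are two hypothetical clients.
CAPTURE = [
    "10.0.0.11\t16\t_kerberos.ws1.ad.example.org",
    "10.0.0.11\t16\t_kerberos.ad.example.org",
    "10.0.0.11\t33\t_kerberos._udp.mit.example.org",
    "10.0.0.12\t33\t_kerberos._tcp.dc._msdcs.ad.example.org",
    "10.0.0.12\t1\tws1.ad.example.org",
]

if __name__ == "__main__":
    host = "ws1.ad.example.org"  # hypothetical workstation name
    print("expected TXT names:", txt_candidates(host))
    for src, found in realm_lookups(CAPTURE, host).items():
        print(src, found)
    print("no TXT realm lookup from:", clients_without_txt(CAPTURE, host))
```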



