Cross realm authentication

Naveen bn naveen.bn at samsung.com
Tue Jan 4 01:52:52 EST 2011


Hi All,

Please guide me to get cross-realm authentication working under a Windows 2008 Server environment.

I have set up two domains, realm1 and realm2, on 2 different Windows servers. I have added a one-way trust at realm1 for realm2. The client in realm1 wants to access a server at realm2. I got the AS-REP with a referral ticket for krbtgt/realm2 at realm1 from the realm1 KDC server. Now the problem is that I am sending a TGS-REQ to the KDC server of realm2 by submitting the referral TGT, but the server returns a KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN, even though the principal name is the same as the one that works in a single-realm setup.

Info in TGS req:

Padata field ->
    Tkt-vno: 5
    Realm: realm1.com
    Server Name (Principal): krbtgt/realm2.com
Kdc-Req-body->
    Realm: REALM2.COM
    Server Name (Principal): ldap/win2003dpdnic.realm2.com

Please guide me on identifying and resolving the problem for cross-realm authentication.

Thanks and Regards
Naveen
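The following is an added example, not part of the original post: a small Python check that parses a field dump shaped like the one quoted above and tests whether the ticket in the padata is a cross-realm TGT for the realm named in the request body. The function names and the dump layout are assumptions made for illustration, and the check only reports inconsistencies in the quoted fields; it does not establish the cause of the error in the post.

```python
import re

# Constructed sample: the field values quoted in the post above.
SAMPLE_DUMP = """\
Padata field ->
    Tkt-vno: 5
    Realm: realm1.com
    Server Name (Principal): krbtgt/realm2.com
Kdc-Req-body->
    Realm: REALM2.COM
    Server Name (Principal): ldap/win2003dpdnic.realm2.com
"""

def parse_dump(text):
    """Split the dump into {'padata': {...}, 'req-body': {...}} (hypothetical helper)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"^(padata|kdc-req-body)\b.*->$", line, re.I)
        if header:
            current = "padata" if header.group(1).lower() == "padata" else "req-body"
            sections[current] = {}
        elif current and ":" in line:
            key, value = line.split(":", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections

def check_referral(sections):
    """Return (severity, message) findings for a cross-realm TGS-REQ."""
    tkt, body = sections.get("padata", {}), sections.get("req-body", {})
    sname = tkt.get("server name (principal)", "").split("/")
    target = body.get("realm", "")
    if len(sname) != 2 or sname[0] != "krbtgt":
        return [("error", "ticket in padata is not a krbtgt/<realm> ticket")]
    findings = []
    if tkt.get("realm", "").lower() == target.lower():
        findings.append(("info", "ticket realm equals target realm: local TGT, no referral"))
    if sname[1].lower() != target.lower():
        findings.append(("error", f"TGT is for {sname[1]!r} but request targets {target!r}"))
    elif sname[1] != target:
        # RFC 4120 defines realm names as case-sensitive; whether a given KDC
        # tolerates a case difference is implementation-specific.
        findings.append(("warn", f"realm case differs: {sname[1]!r} vs {target!r}"))
    return findings

if __name__ == "__main__":
    for severity, message in check_referral(parse_dump(SAMPLE_DUMP)):
        print(f"[{severity}] {message}")
```
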

