Cross-realm between Windows Server 2008 R2
Lars Schimmer
l.schimmer at cgv.tugraz.at
Wed Jun 15 04:30:15 EDT 2011
On 2011-06-14 11:11, jm130794 wrote:
> Hello,
>
> I have a little question : is it possible create a cross-realm between AD
> (Windows Server 2008 R2) and MIT Kerberos ?
>
> I tried but...
>
> When I try to connect on Windows Server with my Kerberos MIT user, I get
> these errors in krb5kdc.log :
>
> Jun 14 09:22:29 srv1 krb5kdc[979](info): AS_REQ (7 etypes {18 17 23 3 1 24
> -135}) 192.168.2.2: NEEDED_PREAUTH: user1 at TEST.FR for krbtgt/TEST.FR at TEST.FR,
> Additional pre-authentication required
> Jun 14 09:22:29 srv1 krb5kdc[979](info): AS_REQ (7 etypes {18 17 23 3 1 24
> -135}) 192.168.2.2: ISSUE: authtime 1308036149, etypes {rep=18 tkt=18
> ses=18}, user1 at TEST.FR for krbtgt/TEST.FR at TEST.FR
> Jun 14 09:22:29 srv1 krb5kdc[979](info): TGS_REQ (7 etypes {18 17 23 3 1 24
> -135}) 192.168.2.2: ISSUE: authtime 1308036149, etypes {rep=18 tkt=18
> ses=18}, user1 at TEST.FR for krbtgt/AD.TEST.FR at TEST.FR
>
> Any ideas ?
We use the Win 2008R2 AD as krb5 auth. Works fine so far.
If you want to use MIT krb5 and a AD auith, both REALMs need to be
different.
MfG,
Lars Schimmer
--
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: l.schimmer at cgv.tugraz.at
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723
More information about the Kerberos
mailing list