Kerberos & AD Setup Issue
Ranjith Murugan
muruganr at vmware.com
Tue Sep 6 11:19:45 EDT 2011
Used des-cbc-crc:normal encryption type.
kadmin -q "ank -pw password -e des-cbc-crc:normal
krbtgt/QA12.INT at QA12.INT"
regards,
Ranjith.
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf
Of Mauricio Tavares
Sent: Tuesday, September 06, 2011 3:56 PM
To: kerberos at mit.edu
Subject: Re: Kerberos & AD Setup Issue
On Tue, Sep 6, 2011 at 10:32 AM, Ranjith Murugan <muruganr at vmware.com>
wrote:
> Hi all
>
>
>
> I have been trying to setup an Kerberos and Active Directory setup,
Seeing
> the same issue you have mentioned in you post (Preauth and ticket
> forwarding). I am currently not able to login to a windows machine using
a
> kerberos user. The Kerberos Server logs show a error [NEEDED_PREAUTH:
> <mailto:admin at QA12.INT> admin at QA12.INT for
> <mailto:krbtgt/QA12.INT at QA12.INT> krbtgt/QA12.INT at QA12.INT, Additional
> pre-authentication required].
>
>
>
> Error from the kerberos server:
>
>
>
> Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): AS_REQ (7 etypes {23 -133
> -128 3 1 24 -135}) 10.20.221.180: NEEDED_PREAUTH: admin at QA12.INT for
> krbtgt/QA12.INT at QA12.INT, Additional pre-authentication required
>
> Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): AS_REQ (2 etypes {3 1})
> 10.20.221.180: ISSUE: authtime 1315318814, etypes {rep=3 tkt=1 ses=1},
> admin at QA12.INT for krbtgt/QA12.INT at QA12.INT
>
> Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): TGS_REQ (7 etypes {23 -133
> -128 3 1 24 -135}) 10.20.221.180: ISSUE: authtime 1315318814, etypes
> {rep=1 tkt=1 ses=1}, admin at QA12.INT for krbtgt/QA10.INT at QA12.INT
>
> Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): TGS_REQ (7 etypes {23 -133
> -128 3 1 24 -135}) 10.20.221.180: ISSUE: authtime 1315318814, etypes
> {rep=1 tkt=16 ses=1}, admin at QA12.INT for
> <mailto:host/dmtest.qa10.int at QA12.INT> host/dmtest.qa10.int at QA12.INT
>
>
>
> Environment:
>
> - Kerberos Server(Ubuntu 10.10)
>
> - AD - Windows 2003 R2
>
>
>
> Tried to do an Wireshark trace on the communication between the Windows
AD
> and Kerberos Server, I found that the PA-ENC-TIMESTAMP - data missing,
> Could someone let me know if I am missing some configuration
information.
>
Dumb question: which encryption types did you configure in the
Windows box? If you want to do a quick test, create the windows host
principal in the kdc using just arcfour and see if you are able to
connect.
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list