Strange problem with putty/sso

Jarek jarek at
Thu Oct 11 16:44:17 EDT 2012


	I have windows 2008R2 with AD and few Linux servers.
I've installed debian squeeze on one of the servers and next integrated
it with domain (kerberos, winbind, samba etc) with test PDC.
As the SSO with putty was working fine, the system has been cloned to
remaining machines. 
Next all Linux servers has been connected to production PDC but
something went wrong: on part of the servers SSO is not working - I have
to use the password.
All servers has exactly same krb5.conf and samba.conf, DNS, NTP has been
triple checked. 
kinit, password login, wbinfo, getent works but GSSAPI (from putty) is
working only on part of them.
keytabs has been created with:

net ads join -U administrator -k
net ads keytab create -U administrator

When there is a problem with SSO, in the ssh log, I see the message:
Wrong principal in request.

How can I debug this problem ?
Is there any way to see what principal is send from putty ?
Are there any other files beside krb5.conf and samba.conf which should
be checked ?

I have installed simmilar configuration in few systems, and it works
years without any problem, but here I can't find where is the problem.

Jarek <jarek at>

More information about the Kerberos mailing list