Strange problem with putty/sso

Douglas E. Engert deengert at
Thu Oct 11 17:35:28 EDT 2012

On 10/11/2012 3:44 PM, Jarek wrote:
> Hello!
> 	I have windows 2008R2 with AD and few Linux servers.
> I've installed debian squeeze on one of the servers and next integrated
> it with domain (kerberos, winbind, samba etc) with test PDC.
> As the SSO with putty was working fine, the system has been cloned to
> remaining machines.
> Next all Linux servers has been connected to production PDC but
> something went wrong: on part of the servers SSO is not working - I have
> to use the password.
> All servers has exactly same krb5.conf and samba.conf, DNS, NTP has been
> triple checked.
> kinit, password login, wbinfo, getent works but GSSAPI (from putty) is
> working only on part of them.
> keytabs has been created with:
> net ads join -U administrator -k
> net ads keytab create -U administrator
> When there is a problem with SSO, in the ssh log, I see the message:
> Wrong principal in request.
> How can I debug this problem ?
> Is there any way to see what principal is send from putty ?

PuTTY has logging capabilities, under Session->Logging.

Wireshark on the client would show the Kerberos client to KDC traffic.

Windows is case insensitive. Unix is case sensitive it could
be a issue with the case of a host name in a service principal.

> Are there any other files beside krb5.conf and samba.conf which should
> be checked ?
> I have installed simmilar configuration in few systems, and it works
> years without any problem, but here I can't find where is the problem.


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the Kerberos mailing list