Kerberos OSX to AD
Steve Clarke
s.clarke at hrsu.mrc.ac.uk
Wed Jun 12 09:28:00 EDT 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
We're hoping to use Kerberos to authenticate our OS 10.1.5 clients on
our Win2k AD servers. Being outside the US we downloaded the
available international "extras" version for OS X, altered the
edu.mit.Kerberos to what we hope is the correct configuration and
attempted to request tickets from the AD domain. The connection
failed due to a pre-authentication error. Since we're on a learning
curve here, the reasons for this aren't immediately clear, could it
be the encryption type, as the user account is recognised in the
event logs?
We do have the domain and DCs running in secure mode and kerbtray
reveals the ticket encryption type as RC4-HMAC, but I was under he
impression that des-cbc-crc was supported for non-Win2k clients.
Error message states that a kdc for the realm could not be
contacted.
I can send a copy of the edu.mit.kerberos file and packet captures if
required.
Any help will be most appreciated.
Thanks
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBPQdL8YcMeNL8drWzEQKvKACgj+TWvEZpb2yzniQR6HX+fKX4eE0AniIC
S2E3105OzNOXb0Txcr20GMOF
=AwLD
-----END PGP SIGNATURE-----
More information about the krbdev
mailing list