windows 2003 domain controller, mod_auth_kerb in linux, issue with kerberos

[Ahmar Nauman]

Hi,
 I'm using windows server 2003 as domain controller, 
i've succesfully followed all the necessary steps required for setting up an SSO, generated keytab files which gives me correct info if i type klist -k , integrated mod_auth_kerb and configured machines.
My browser setting are just fine as well, 



My httpd.conf is like
<Location /myURL>
  AuthType Kerberos
  AuthName "Test Kerberos Login"
  KrbVerifyKDC off # it doesn't work if i remove this line
  KrbMethodNegotiate On
  KrbMethodK5Passwd On
  KrbAuthRealms LAB1.DIGIDENT-SOLUTIONS.COM
  Krb5KeyTab /etc/krb5.keytab
  KrbSaveCredentials On
  KrbServiceName HTTP
 require valid-user
</Location>

Now when i tried to test from IE(v 6) it open a login box, if i supply username and password as setup in active directory, it allows me to enter. I dont want to get this login box, so if i change KrbMethodK5Passwd to Off, it simply refuses me to get in by Authorization Required message in browser and in apache logs, i get the following errors,

[Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1266): [client x.x.x.x] Verifying client data using KRB5 GSS-API
[Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1282): [client ......] Verification returned code 589824
[Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1309): [client ......] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
[Fri Jul 10 20:31:25 2009] [error] [client ......9] gss_accept_sec_context() failed: Invalid token was supplied (No error)

I'm trying to resolve this issue, but nothing work out so far.  
Can anybody please help here??

regards
- Ahmar



_________________________________________________________________
Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy!
http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us