[27313] in Kerberos
Windows 2003 AD
daemon@ATHENA.MIT.EDU (Christoph Ohliger)
Wed Jan 31 07:04:18 2007
Message-ID: <45C085C1.4050904@fh-rosenheim.de>
Date: Wed, 31 Jan 2007 13:04:17 +0100
From: Christoph Ohliger <ohliger@fh-rosenheim.de>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============1811842979=="
Errors-To: kerberos-bounces@mit.edu
This is a cryptographically signed message in MIME format.
--===============1811842979==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=sha1; boundary="------------ms010902000308040601070102"
This is a cryptographically signed message in MIME format.
--------------ms010902000308040601070102
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Hi,
hope anybody can give me some hints ... I want to implement a SSO
feature between Novell NDS and Windows AD with Kerberos.
Using the MIT KDC V1.6 i am able to implement the Novell principal/login
but have problems with Windows AD. Same cross-realm configuration and
same AD works with a Heimdal KDC ,-) In any configuration i get the
following log entry in MIT KDC when trying to map a drive on Windows
server (KDC.DE is the realm for MIT and WIN.KDC.DE for Windows, i also
tried complete different realms).
Jan 31 10:41:55 kdc krb5kdc[7881](info): TGS_REQ (7 etypes {23 -133 -128
3 1 24 -135}) 141.60.131.32: UNKNOWN_SERVER: authtime 1170236388,
cris@KDC.DE for cifs/vmps.win.kdc.de@KDC.DE, Server not found in
Kerberos database
I have checked following points:
- the workstation is configured for the KDC.DE realm and can login to MIT
- the krbtgt for cross-realm has only encryption type des-cbc-crc, i
also tried with des-cbc-crc and rc4-hmac
- i tried to use fixed realm configuration in krb5.conf and DNS one
- t_walk_rtree shows no failure
- the user in AD is marked not to use Pre Authentication
- the Cross-Realm in AD is implemented transitive and bi-directional
Regards
Christoph Ohliger
--------------ms010902000308040601070102
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPNjCC
BOwwggPUoAMCAQICBAlW/ywwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCREUxEzARBgNV
BAoTCkRGTi1WZXJlaW4xEDAOBgNVBAsTB0RGTi1QS0kxJTAjBgNVBAMTHERGTi1WZXJlaW4g
UENBIENsYXNzaWMgLSBHMDEwHhcNMDYxMDE5MTM0NjA1WhcNMTAxMDE4MTM0NjA1WjBbMQsw
CQYDVQQGEwJERTEhMB8GA1UEChMYRmFjaGhvY2hzY2h1bGUgUm9zZW5oZWltMRYwFAYDVQQL
Ew1SZWNoZW56ZW50cnVtMREwDwYDVQQDEwhGSC1STyBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJodJMjDyQ77rHZ5bTMgVt8+F8hqY3cihBcYcIPZpFCjPIsuVfBI/Eq7
dzyyHcfWUxOOq1wfFiTEyfBPuS1OQCsOrCOa0cibTTBfLTB2j9ZC+OH5WZIEjTjlkR3VdVhL
DT2Q/cB7kt3UwNwsQOGougktxqEl/UlFZSBVH5zOrHrR/sNdXsmtkHW3t+t4GgB2wXmuNs94
NfCbLc0vooZgQ7KKZVxyaANe/sxDqbtZ1P5eafpIygZH0Ak62e8N+tnGXNv37JZQnQW76eiS
Irb3m5GEniCt5S9P9NEjb3x2UpSuZ0pe8fuAL8248fbo/vPCIO2Xr4lfdokhMhCMw0+IF3sC
AwEAAaOCAbYwggGyMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBS5
Xcgp4WIPqRumalGj1Q1O5augsTAfBgNVHSMEGDAWgBSDrjvMk+EkUnrpIE+DcKIq3XsvATAd
BgNVHREEFjAUgRJjYUBmaC1yb3NlbmhlaW0uZGUwgYsGA1UdHwSBgzCBgDA+oDygOoY4aHR0
cDovL2NkcDEucGNhLmRmbi5kZS9jbGFzc2ljLXJvb3QtY2EvcHViL2NybC9jYWNybC5jcmww
PqA8oDqGOGh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvY2xhc3NpYy1yb290LWNhL3B1Yi9jcmwv
Y2FjcmwuY3JsMIGkBggrBgEFBQcBAQSBlzCBlDBIBggrBgEFBQcwAoY8aHR0cDovL2NkcDEu
cGNhLmRmbi5kZS9jbGFzc2ljLXJvb3QtY2EvcHViL2NhY2VydC9jYWNlcnQuY3J0MEgGCCsG
AQUFBzAChjxodHRwOi8vY2RwMi5wY2EuZGZuLmRlL2NsYXNzaWMtcm9vdC1jYS9wdWIvY2Fj
ZXJ0L2NhY2VydC5jcnQwDQYJKoZIhvcNAQEFBQADggEBABUUp6vFSLf6TWMR9d7Sua0fVzeZ
0U5+lNnNRe6wg81LQkPy7ntYnu1XyKgNftUNgpMZ7qpdkXMnZiRTADOoevX3tN93pavrUrDL
NjlLy8Jc/tLwNE7URvMyIkCgXzsS5wIpkRaqGB7eYi4Ik2IFY0+OH/JzXPT+kAM9t3cDMQ7C
irlG6+MF0GouJ/ESwQALeeSFyzBQ6DvHeYxIA8z74zqiSWHt3Zh1SHSw++J59eIXuwjx8lyZ
BuOMztpG+aOoagZ24KKQOjKXxFNCCALXrGtjFQ2AHysGO/MIz+iLEk/bLnpof2rO/5VeFW8K
lEiJuPMEz4VYGfUcXRTVP/RxKm0wggUfMIIEB6ADAgECAgQJbsSiMA0GCSqGSIb3DQEBBQUA
MFsxCzAJBgNVBAYTAkRFMSEwHwYDVQQKExhGYWNoaG9jaHNjaHVsZSBSb3NlbmhlaW0xFjAU
BgNVBAsTDVJlY2hlbnplbnRydW0xETAPBgNVBAMTCEZILVJPIENBMB4XDTA2MTEwNjE0MzA0
M1oXDTA3MTEwNjE0MzA0M1owZDELMAkGA1UEBhMCREUxITAfBgNVBAoTGEZhY2hob2Noc2No
dWxlIFJvc2VuaGVpbTEWMBQGA1UECxMNUmVjaGVuemVudHJ1bTEaMBgGA1UEAxMRQ2hyaXN0
b3BoIE9obGlnZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOzr05Izq/GX18
Pr3R85ci6GEwBpWiHdD9heilJNTuqJXK/mrWrjHrx2yTG4SWdQQDhxe3e2H8jSZG+37DfLiP
byXLTh7t3wrzPx22YNH5iHAxT1rBHzZKzYXIO8rgffypaHWH6r1IB4Z5WcVAkok/gUfKg90L
4vmyZOhB0xXRrLYyKIDRJiuP8Y6HDIAIo+nr54++CahPxINrev3XYSdBxZFni/p7nN7KTIrB
13tBK4EkS5q9FLCRZAbaX8PlBsf32Imv8iOHeR6WFE+1bjcU2297HkUw7CPZJW/pEK1Y+Xs9
ctDKIXwWmBDJ1hguQlvD89unOU+VrOM+qDCmVO3jAgMBAAGjggHgMIIB3DAJBgNVHRMEAjAA
MAsGA1UdDwQEAwIF4DApBgNVHSUEIjAgBggrBgEFBQcDAgYIKwYBBQUHAwQGCisGAQQBgjcU
AgIwHQYDVR0OBBYEFAR4yFZgo3YK9ZJSC+xLRV8O6zIpMB8GA1UdIwQYMBaAFLldyCnhYg+p
G6ZqUaPVDU7lq6CxMCIGA1UdEQQbMBmBF29obGlnZXJAZmgtcm9zZW5oZWltLmRlMIGLBgNV
HR8EgYMwgYAwPqA8oDqGOGh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUvZmgtcm9zZW5oZWltLWNh
L3B1Yi9jcmwvY2FjcmwuY3JsMD6gPKA6hjhodHRwOi8vY2RwMi5wY2EuZGZuLmRlL2ZoLXJv
c2VuaGVpbS1jYS9wdWIvY3JsL2NhY3JsLmNybDCBpAYIKwYBBQUHAQEEgZcwgZQwSAYIKwYB
BQUHMAKGPGh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUvZmgtcm9zZW5oZWltLWNhL3B1Yi9jYWNl
cnQvY2FjZXJ0LmNydDBIBggrBgEFBQcwAoY8aHR0cDovL2NkcDIucGNhLmRmbi5kZS9maC1y
b3NlbmhlaW0tY2EvcHViL2NhY2VydC9jYWNlcnQuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQAA
T5ljc9YyjglusCaflrvn8EVwV/Xxfz3zD35LAgRShWNUe+pJbwCz+4Rv2qkyq0MZ0lIgV0Bs
0qxEd0lezVPJtaRMpDQVW7b8YU/a0Yt3bmR9cv+N2tYCAVWTE/H/eJv9TDthqBnq+3QrOMxg
YFRLOhGgj1VBhWoTCbdS0xLwzqVwGD6kzUF9yE6sk0hvwI9Mt3ereoQugtm/gi2gfx0MYSls
QbEg2akpFlhE1krSayHe5gHrHWDjeuZct/KGFLKc9LN2j5SUaG5Gr4NcbdknOPhEdRFovM5V
O+U5nXBezOVHpR6A3QLKFDj9VBFlEYum3eBI7jBj/dMeohyHdcmmMIIFHzCCBAegAwIBAgIE
CW7EojANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJERTEhMB8GA1UEChMYRmFjaGhvY2hz
Y2h1bGUgUm9zZW5oZWltMRYwFAYDVQQLEw1SZWNoZW56ZW50cnVtMREwDwYDVQQDEwhGSC1S
TyBDQTAeFw0wNjExMDYxNDMwNDNaFw0wNzExMDYxNDMwNDNaMGQxCzAJBgNVBAYTAkRFMSEw
HwYDVQQKExhGYWNoaG9jaHNjaHVsZSBSb3NlbmhlaW0xFjAUBgNVBAsTDVJlY2hlbnplbnRy
dW0xGjAYBgNVBAMTEUNocmlzdG9waCBPaGxpZ2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAzs69OSM6vxl9fD690fOXIuhhMAaVoh3Q/YXopSTU7qiVyv5q1q4x68dskxuE
lnUEA4cXt3th/I0mRvt+w3y4j28ly04e7d8K8z8dtmDR+YhwMU9awR82Ss2FyDvK4H38qWh1
h+q9SAeGeVnFQJKJP4FHyoPdC+L5smToQdMV0ay2MiiA0SYrj/GOhwyACKPp6+ePvgmoT8SD
a3r912EnQcWRZ4v6e5zeykyKwdd7QSuBJEuavRSwkWQG2l/D5QbH99iJr/Ijh3kelhRPtW43
FNtvex5FMOwj2SVv6RCtWPl7PXLQyiF8FpgQydYYLkJbw/PbpzlPlazjPqgwplTt4wIDAQAB
o4IB4DCCAdwwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwKQYDVR0lBCIwIAYIKwYBBQUHAwIG
CCsGAQUFBwMEBgorBgEEAYI3FAICMB0GA1UdDgQWBBQEeMhWYKN2CvWSUgvsS0VfDusyKTAf
BgNVHSMEGDAWgBS5Xcgp4WIPqRumalGj1Q1O5augsTAiBgNVHREEGzAZgRdvaGxpZ2VyQGZo
LXJvc2VuaGVpbS5kZTCBiwYDVR0fBIGDMIGAMD6gPKA6hjhodHRwOi8vY2RwMS5wY2EuZGZu
LmRlL2ZoLXJvc2VuaGVpbS1jYS9wdWIvY3JsL2NhY3JsLmNybDA+oDygOoY4aHR0cDovL2Nk
cDIucGNhLmRmbi5kZS9maC1yb3NlbmhlaW0tY2EvcHViL2NybC9jYWNybC5jcmwwgaQGCCsG
AQUFBwEBBIGXMIGUMEgGCCsGAQUFBzAChjxodHRwOi8vY2RwMS5wY2EuZGZuLmRlL2ZoLXJv
c2VuaGVpbS1jYS9wdWIvY2FjZXJ0L2NhY2VydC5jcnQwSAYIKwYBBQUHMAKGPGh0dHA6Ly9j
ZHAyLnBjYS5kZm4uZGUvZmgtcm9zZW5oZWltLWNhL3B1Yi9jYWNlcnQvY2FjZXJ0LmNydDAN
BgkqhkiG9w0BAQUFAAOCAQEAAE+ZY3PWMo4JbrAmn5a75/BFcFf18X898w9+SwIEUoVjVHvq
SW8As/uEb9qpMqtDGdJSIFdAbNKsRHdJXs1TybWkTKQ0FVu2/GFP2tGLd25kfXL/jdrWAgFV
kxPx/3ib/Uw7YagZ6vt0KzjMYGBUSzoRoI9VQYVqEwm3UtMS8M6lcBg+pM1BfchOrJNIb8CP
TLd3q3qELoLZv4ItoH8dDGEpbEGxINmpKRZYRNZK0msh3uYB6x1g43rmXLfyhhSynPSzdo+U
lGhuRq+DXG3ZJzj4RHURaLzOVTvlOZ1wXszlR6UegN0CyhQ4/VQRZRGLpt3gSO4wY/3THqIc
h3XJpjGCAykwggMlAgEBMGMwWzELMAkGA1UEBhMCREUxITAfBgNVBAoTGEZhY2hob2Noc2No
dWxlIFJvc2VuaGVpbTEWMBQGA1UECxMNUmVjaGVuemVudHJ1bTERMA8GA1UEAxMIRkgtUk8g
Q0ECBAluxKIwCQYFKw4DAhoFAKCCAZswGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq
hkiG9w0BCQUxDxcNMDcwMTMxMTIwNDE3WjAjBgkqhkiG9w0BCQQxFgQULKsQN8CGWmQARAaj
KiP7LBjWnswwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAw
DQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwcgYJKwYBBAGCNxAEMWUw
YzBbMQswCQYDVQQGEwJERTEhMB8GA1UEChMYRmFjaGhvY2hzY2h1bGUgUm9zZW5oZWltMRYw
FAYDVQQLEw1SZWNoZW56ZW50cnVtMREwDwYDVQQDEwhGSC1STyBDQQIECW7EojB0BgsqhkiG
9w0BCRACCzFloGMwWzELMAkGA1UEBhMCREUxITAfBgNVBAoTGEZhY2hob2Noc2NodWxlIFJv
c2VuaGVpbTEWMBQGA1UECxMNUmVjaGVuemVudHJ1bTERMA8GA1UEAxMIRkgtUk8gQ0ECBAlu
xKIwDQYJKoZIhvcNAQEBBQAEggEAyKdpRAyYj3oRtz1HfIIK/AUvl+zGrWAcI9lTkHuO6HW+
TqgbD1XRsp22OqoU4TgIRs7x9JWu7T6U/cepwusYb6Q2T8bVVmaJUod+BCRQHoug07GBqL4D
ypqKOg/XAgYDG2R/gtixzUDolSF1d98Ar4AdGZNv7n34ll3pbSVFCFG2HGsoeOr1+y/pN62Y
6PZ93EW+o+f51Ho5hTOYLNzDTNh6X6AZ/DdeUWt7r/vtZkXzR+jh5vGU7jsOx5RD5LAQKTwl
bMcGCm1X3AQM0XtpVgugyFZqjlyqSaJ5N3L1QWBF70iE9lX9tiaqZcb1gPlJ3J+gMgaEV8WA
tTYTLs05EAAAAAAAAA==
--------------ms010902000308040601070102--
--===============1811842979==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1811842979==--