[28979] in Kerberos
Re: GSSAPI on Linux using Windows AD Servers as KDCs - Errors about
daemon@ATHENA.MIT.EDU (Jason D. McCormick)
Mon Jan 7 13:55:56 2008
Message-ID: <478274B5.3030700@devrandom.org>
Date: Mon, 07 Jan 2008 13:51:33 -0500
From: "Jason D. McCormick" <jason@devrandom.org>
MIME-Version: 1.0
To: "Douglas E. Engert" <deengert@anl.gov>
In-Reply-To: <47824B4A.9050102@anl.gov>
Cc: "Richard E. Silverman" <res@qoxp.net>, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Douglas E. Engert wrote:
> The problem might be that on the AD account the UserAccountControl flag
> does not have the USE_DES_KEY_ONLY 0x200000 set, So AD is returning an
> ArcFour ticket, which is not in the keytab. ktpass has a /DESOnly option
> to set this.
>
> See kb 305144 too.
This is EXACTLY what I needed. Everything works now. Thanks to
everyone for the help.
- Jason
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
