[29389] in Kerberos
Problem configuring kerberos delegation on a windows 2003 domain
daemon@ATHENA.MIT.EDU (Lima Valdes Emil)
Fri Feb 29 13:37:50 2008
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Fri, 29 Feb 2008 12:38:05 -0600
Message-ID: <E5854CC55858D04D85AB8AD5BF07F68E0FFE1B81@grecia.smnyl.com.mx>
From: "Lima Valdes Emil" <elima@monterrey-newyorklife.com.mx>
To: <Kerberos@mit.edu>
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hi all,
I´ve been trying to configure Kerberos delegation on a Windows 2003 domain but I haven't got any good result yet. I followed a Microsoft Document on [1] to configure Kerberos in order to build a .NET 2.0 SOA solution. The following is the Kerberos trace when I try to access page A in a scenario like this:
IE -----> Page_A.aspx ----> Service_A.asmx
WebApp on IIS WebService on IIS
Server A The same server A
App pool on domain App pool on domain
account A account B
Kerberos trace:
---------------
500.652> Kerb-Bnd: Calling kdc 129.170.140.8 for realm SMNYL.COM.MX
500.652> Kerb-Warn: KerbGetTgsTicket failed to unpack KDC reply: 0x3c
HTTP a_service.smnyl.com.mx
500.652> Kerb-Warn: KerbGetTgsTicket KerbCallKdc: error 0x7
500.652> Kerb-Warn: Failed to get TGS ticket for service 0xc000018b :
HTTP a_service.smnyl.com.mx
500.652> Kerb-Warn: d:\nt\ds\security\protocols\kerberos\client2\kerbtick.cxx, line 3833
500.652> Kerb-SPN: KerbInsertSpnCacheEntry spn cache disabled
500.652> Kerb-Warn: TARGET_UNKNOWN for SMNYL.COM.MX\account_a LogonId 0:0xfbc9, target HTTP a_service.smnyl.com.mx
500.652> Kerb-Warn: SpInitLsaModeContext failed to get outbound ticket, KerbGetServiceTicket failed with 0xc000018b
---------------
ASP.NET error
---------------
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException: WSE594: InitializeSecurityContext call failed with the following error message: The network path was not found.
----------------
Regards,
Emil.
[1] http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerbdel.mspx
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
