[31163] in Kerberos


RE: UDP/TCP problem in cross-realm authentication

daemon@ATHENA.MIT.EDU (miguel.sanders@arcelormittal.com)
Fri May 22 05:14:33 2009

Date: Fri, 22 May 2009 11:14:01 +0200
Message-ID: <7DF29B50FFF41848BB2281EC2E71A206BDC94D@GEN-MXB-V04.msad.arcelor.net>
In-Reply-To: <4A166AB9.2040903@it.uib.no>
From: miguel.sanders@arcelormittal.com
To: bjorn.sund@it.uib.no, kerberos@mit.edu

Moreover, do you even see the KRB5KRB_ERR_RESPONSE_TOO_BIG reply from the KDC?


Best regards

Miguel SANDERS
ArcelorMittal Gent

UNIX Systems & Storage
IT Supply Western Europe | John Kennedylaan 51
B-9042 Gent

T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023
E miguel.sanders@arcelormittal.com
www.arcelormittal.com/gent

-----Original message-----
From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On behalf of Bjoern Tore Sund
Sent: Friday 22 May 2009 11:05
To: kerberos@mit.edu
Subject: UDP/TCP problem in cross-realm authentication


We have Linux clients in an MIT Kerberos realm (1.6.3), Windows XP SP3 clients in AD and two-way trust configured.  Accessing AD resources from Linux clients works perfectly.

Accessing resources in the MIT Kerberos realm from Windows fails more often than not.  Lots of packet sniffing shows fragmented UDP packets which the unix server isn't able to reassemble.  So, in accordance with
http://support.microsoft.com/kb/244474 we've set HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxPacketSize to 1 on the XP clients.  Still no go, they never try TCP (again sniffing both on the XP client and the unix kerberos server) but go straight for TCP.  TCP is working on the unix kerberos server, the Linux clients are happily using it.  Has anyone seen MaxPacketSize fail to have effect before?  Any ideas on how to trace this further?

-BT
-- 
Bjørn Tore Sund       Phone: 555-84894   Email:   bjorn.sund@it.uib.no
IT department         VIP:   81724       Support: http://bs.uib.no
Univ. of Bergen

When in fear and when in doubt, run in circles, scream and shout.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos



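Added example, not part of the original thread: one way to answer the question of whether the KDC ever sent the response-too-big error is to decode the UDP payloads from the capture and look for a KRB-ERROR carrying error code 52, which is the signal for a client to retry over TCP. The function names, the realm EXAMPLE.ORG and the sample bytes are constructed for illustration; the parser expects a raw UDP payload (no 4-byte TCP length prefix).

```python
KRB_ERR_RESPONSE_TOO_BIG = 52  # error code defined in RFC 4120
KRB_ERROR_TAG = 0x7E           # [APPLICATION 30], constructed

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def krb_error_code(payload):
    """Return the error-code of a KRB-ERROR, or None for anything else."""
    try:
        tag, body, _ = read_tlv(payload, 0)
        if tag != KRB_ERROR_TAG:
            return None
        tag, fields, _ = read_tlv(body, 0)  # inner SEQUENCE
        pos = 0
        while tag == 0x30 and pos < len(fields):
            ftag, value, pos = read_tlv(fields, pos)
            if ftag == 0xA6:  # [6] error-code, wraps an INTEGER
                _, num, _ = read_tlv(value, 0)
                return int.from_bytes(num, "big", signed=True)
    except (IndexError, ValueError):
        pass  # IP fragment, truncated capture, or not DER at all
    return None

def tlv(tag, value):
    """Encode one DER element (short-form length; sample builder only)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def ctx(n, inner):
    return tlv(0xA0 | n, inner)

# Constructed sample: KRB-ERROR from a KDC in the made-up realm EXAMPLE.ORG.
SAMPLE = tlv(0x7E, tlv(0x30,
    ctx(0, tlv(0x02, b"\x05")) + ctx(1, tlv(0x02, b"\x1e")) +     # pvno, msg-type
    ctx(4, tlv(0x18, b"20090522090501Z")) + ctx(5, tlv(0x02, b"\x00")) +  # stime, susec
    ctx(6, tlv(0x02, b"\x34")) +                                  # error-code 52
    ctx(9, tlv(0x1B, b"EXAMPLE.ORG")) +                           # realm
    ctx(10, tlv(0x30, ctx(0, tlv(0x02, b"\x02")) + ctx(1, tlv(0x30,
        tlv(0x1B, b"krbtgt") + tlv(0x1B, b"EXAMPLE.ORG")))))))    # sname

if __name__ == "__main__":
    print(krb_error_code(SAMPLE) == KRB_ERR_RESPONSE_TOO_BIG)
```

A payload that is only the first IP fragment of a larger reply decodes to None here, which separates "the KDC answered but the answer was fragmented" from "the KDC asked for a TCP retry".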