[33047] in Kerberos
Cross realm authentication
daemon@ATHENA.MIT.EDU (krbmit siso)
Wed Jan 5 00:47:37 2011
MIME-Version: 1.0
Date: Wed, 5 Jan 2011 11:17:17 +0530
Message-ID: <AANLkTi=R0SScqdpa1Jos+SaG1qH9A_eS=QehdR9SNyuD@mail.gmail.com>
From: krbmit siso <krbmit@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi All,
Please guide me to get cross realm authentication working under windows 2008
server environment.
I have set up two domain with realm1 and realm 2 in 2 different windows
servers. I have added a one
way trust at realm1 for realm2. The client is in realm1 wants to access a
server at realm2 . I got the
AS-REP with referral ticket for krbtgt/realm2@realm1 from realm1 KDC
server , Now the problem is
the I am sending TGS-REQ to KDC server of realm2 by submitting referral TGT
, but the server returns
with a KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN even though the principal
name is the same
as the name with working condition in single realm setup.
In Info in TGS req.
Padata field ->
Tkt-vno: 5
Realm: realm1.com
Server Name (Principal): krbtgt/realm2.com
Kdc-Req-body->
Realm: REALM2.COM
Server Name (Principal): ldap/
win2003dpdnic.realm2.com
Please guide me on identifying and resolve the problem for cross realm
authentication.
Thanks and Regards
Naveen
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
