Thanks for your reply, Dean I'll try to get the relevant information on Sunday, unfortunately I'm not sure it will be possible to send files (in our organisation we have a separate LAN can't be connected easily to the rest of the world for security reasons).
All our AD servers (both those based on 2003 and 2008 windows server OS) are configured to work together, we add a new user (with ktpass) and it's replicated automatically to all the domain controllers. Then our system administrator sends me a keytab file and I can configure CAS to run against 2003 AD or 2008 AD. The same keytab works fine when CAS works with 2003 and the exception occurs in 2008 AD. I'll talk to our kerberos system administrator to get more details. Thanks a lot in advance! BTW, can anyone confirm that he/she has a running CAS configuration with SPNEGO based authentication against the AD of Windows 2008 server? On Thu, Jul 1, 2010 at 1:55 AM, Dean Heisey <[email protected]>wrote: > > I would look at your jcifs principal i.e. the kerberos principal you have > set > up in AD. When you migrate servers, it seems that windows does not do a > good job of preserving your SPN to principal mappings. You should look > into > creating a new user in your 2008 AD and mapping the SPN to that. > -- > View this message in context: > http://jasig.275507.n4.nabble.com/SPNEGO-and-Windows-AD-2008-server-tp2274241p2274448.html > Sent from the CAS Users mailing list archive at Nabble.com. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
