Have you turned on TCP support on the MIT KDC? You need to use MIT KDC 1.3.x; turn on TCP support; and set the TcpSupported flag on the MIT realm with KSETUP.
Jeffrey Altman Russell Shapiro wrote: > I have a one way trust between AD KDC and MIT KDC, where MIT trusts > AD. This seems to mostly work where windows clients can retrieve MIT > service tickets. There are some windows accounts, however, where I > believe there are too many groups which causes problems. When trying > to get a service ticket from the MIT KDC with one of these windows > accts I get the following error message in the MIT kdc log: > > ASN.1 encoding ended unexpectedly - while dispatching (udp) > > We have tcp enabled for the MIT KDC but it seems that the windows > client only ever tries udp, which I'm assuming is too small for the > request based on the error message. It may be that we missed something > in the configuration of the MIT KDC so that it will tell the windows > client to try tcp instead? I set the MaxPacketSize to 1 on the windows > client to try and force tcp but that doesn't seem to work to the MIT > KDC. Is there anything we need to set to make sure that the request > will come over tcp, if that is, in fact, our problem? Any suggestions > or help on resolving this would be most appreciated. Ideally we > wouldn't even send the PAC data in the request to the MIT KDC but it > isn't clear that can be done either. Anu suggestions? Thanks in > advance. -- ----------------- This e-mail account is not read on a regular basis. Please send private responses to jaltman at mit dot edu ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos