Sorry, guess I was not clear. I had the "Do not required Kerberos pre-authentication" box checked for my AD user account and I was able to login into a Solaris 9 box using my AD credentials. With it unchecked, logins failed again. I can login to a Solaris 10 system using my AD credentials without any problems with that box unchecked. It is only when trying to authenticate against a Solaris 9 server (using SUN's Kerberos distribution) that the problem crops up.
- Bill -----Original Message----- From: Douglas E. Engert [mailto:[EMAIL PROTECTED] Sent: Monday, August 29, 2005 3:20 PM To: Smith, William E. (Bill), Jr. Cc: Wyllys Ingersoll; kerberos@mit.edu Subject: Re: Problems trying to authenticate Unix users via Active Directory Smith, William E. (Bill), Jr. wrote: > I did notice that things seem to work properly in Solaris 10 and > figured it must include TCP support. Modifying the user account > property to not require kerberos pre-authentication has worked but > that has some implications of its own. The Solaris 10 should support the pre-auth. It works for us. Why did you think you had to turn it off? With Solaris 5, 6, 7, 8, 9 we use/used the MIT kerberos. I will investigate some of the other > suggestions though > > Bill > > -----Original Message----- > From: Wyllys Ingersoll [mailto:[EMAIL PROTECTED] > Sent: Monday, August 29, 2005 10:10 AM > To: Smith, William E. (Bill), Jr. > Cc: kerberos@mit.edu > Subject: Re: Problems trying to authenticate Unix users via Active > Directory > > Bill Smith wrote: > > >>>From what I've found, it seems to be an issue with the user being in >> >>>too >> >>many AD groups, the Windows KDC wanting to use TCP rather than UDP, >>and > > >>the MIT version not supporting it. What I'm not certain on is whether >>is the version shipped with Solaris 9 is MIT-based or something >>proprietary to Solaris. I've found some mention of setting a registry >>key on the Windows ] >> >> > > > The SEAM packages in Solaris are based on MIT, though they are not > identical, there are > some minor differences. Solaris 9 SEAM does not have TCP support, > which is needed > to work with Windows 2003 server. There are workarounds, as others > have pointed out. > > >>At this point, we're still having the problem with no resolution. Has >>anyone else encountered this issue? If so, is there a patch from SUN >>to address it or did you have to do something else? Would appreciate >>any insight into this problem >> >> > > > I'm not sure if we have a patch for Solaris 9, but I do know that > Solaris 10 has TCP support and does not suffer the same problems as > the Solaris 8 and 9 versions. > > -Wyllys > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos