On Thursday, June 29, 2006 07:12:53 PM -0400 Michael B Allen <[EMAIL PROTECTED]> wrote:
> I have confirmed with a packet capture that the client never tries > Kerberos. It just tries raw NTLMSSP. No SPNEGO. > > Finally, the installer on the Linux machine validates the keytab > credential with krb5_get_init_creds_keytab and then does a DCE/RPC group > lookup against the DC. It was successful. So the SPN and it's credential > is valid. If it's never even trying negotiate, then one of these must be true: (1) It doesn't support it (2) It's configured not to use it (3) The server doesn't claim support it (4) It can't get a ticket Since you have another client which also fails, (1) and (2) seem unlikely. And, since you have other tickets, and you've demonstrated that the service principal exists, (4) also seems unlikely. So, I'm going to guess that your server is broken, and doesn't claim to support that mechanism. -- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos