He could try forcing the use of TCP by adding udp_preference_limit = 1 to the krb5.conf [libdefaults] i.e. al packets over 1 byte will try TCP before UDP.
Since Active directory is going to return a PAC in the ticket, most tickets will be big and will need to fall over to using TCP anyway. Markus Moeller wrote: > Do you use a IPSEC VPN over the satelite link or is the mtu smaller than > 1500 bytes ? This might be a problem if the already fragmented packet has > to be fragmented again. > > Regards > Markus > > > "Sandeep Bhardwaj" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > >>hi >> >>we are trying to make active directory set up of windows over the >>satellite >>link to work ever thing is working excpet that my krb5 TGS-REQ packet >>comes >>fragmented 1514(ip) and 61(udp) and when it reaches the other side- server >>side it losses the encrypted heade and sniffer shows the packet as Mal >>formed due to this its not getting the krb5 TGS-REP >> >>i am attaching the ethereal trace what could be wrong there are few other >>packets of krb5 TGS-REQ 1483 bytes and they get the response also >> >>you can see both the packes in the trace attachecd >>*krb5 TGS-Req_no_response_mallformed.cap this is showing the mall formed >>packet recived after the vsat link to the server* >> >>Can i get any help on this like y is the rejected packet fragmented ? >>what could be the reson >>thanks fro your time in advance >> >> >> >>-- >>Sandeep Bhardwaj >> >>GET FIREFOX >>http://www.spreadfirefox.com/?q=affiliates&id=171522&t=1 >>http://www.spreadfirefox.com/?q=affiliates&id=171522&t=1 >> > > > > -------------------------------------------------------------------------------- > > > >>________________________________________________ >>Kerberos mailing list Kerberos@mit.edu >>https://mailman.mit.edu/mailman/listinfo/kerberos >> > > > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
