Hi,

I hope anybody can give me some hints ... I want to implement an SSO feature between Novell NDS and Windows AD with Kerberos.

Using the MIT KDC V1.6 I am able to implement the Novell principal/login but have problems with Windows AD. The same cross-realm configuration and the same AD work with a Heimdal KDC ,-) In any configuration I get the following log entry in the MIT KDC when trying to map a drive on a Windows server (KDC.DE is the realm for MIT and WIN.KDC.DE for Windows; I also tried completely different realms).

Jan 31 10:41:55 kdc krb5kdc[7881](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 141.60.131.32: UNKNOWN_SERVER: authtime 1170236388, [EMAIL PROTECTED] for cifs/[EMAIL PROTECTED], Server not found in Kerberos database

I have checked the following points:

- the workstation is configured for the KDC.DE realm and can log in to MIT
- the krbtgt for cross-realm has only encryption type des-cbc-crc; I also tried with des-cbc-crc and rc4-hmac
- I tried to use a fixed realm configuration in krb5.conf and a DNS one
- t_walk_rtree shows no failure
- the user in AD is marked not to use pre-authentication
- the cross-realm in AD is implemented as transitive and bi-directional

Regards
Christoph Ohliger


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
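
A small parser for the krb5kdc TGS_REQ log line quoted in the post, added here as an example (it is not part of the original message and not MIT Kerberos code): it names the etype numbers the client offered, including the negative Microsoft-private ones, and flags single-DES and export-grade RC4. The names for negative values follow the constants in Microsoft's ntsecapi.h, and the second sample line is constructed.

```python
import re

# IANA-assigned Kerberos etypes plus the negative, Microsoft-private values
# that Windows clients advertise (names follow Microsoft's ntsecapi.h).
ETYPES = {
    1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
    16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac", 24: "rc4-hmac-exp",
    -128: "rc4-md4", -133: "rc4-hmac-old", -135: "rc4-hmac-old-exp",
}
WEAK = {1, 2, 3, 24}  # single DES and export-grade RC4

# Failure lines end in ", <error text>"; successful (ISSUE) lines instead
# carry an extra "etypes {rep=.. tkt=.. ses=..}," field before the client.
TGS_RE = re.compile(
    r"krb5kdc\[\d+\]\(info\): TGS_REQ \(\d+ etypes \{(?P<etypes>[-\d ]+)\}\) "
    r"(?P<client_ip>\S+): (?P<status>[A-Z_]+): authtime (?P<authtime>\d+), "
    r"(?:etypes \{[^}]*\}, )?"
    r"(?P<client>.+?) for (?P<server>[^,]+)(?:, (?P<error>.*))?$"
)

def parse_tgs_req(line):
    """Return a dict describing one TGS_REQ log line, or None if no match."""
    m = TGS_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    nums = [int(n) for n in rec.pop("etypes").split()]
    rec["authtime"] = int(rec["authtime"])
    rec["offered"] = [ETYPES.get(n, "unknown(%d)" % n) for n in nums]
    rec["weak"] = [ETYPES[n] for n in nums if n in WEAK]
    return rec

# Log line as quoted in the post (addresses already redacted by the archive).
PAGE_LINE = ("Jan 31 10:41:55 kdc krb5kdc[7881](info): TGS_REQ (7 etypes "
             "{23 -133 -128 3 1 24 -135}) 141.60.131.32: UNKNOWN_SERVER: "
             "authtime 1170236388, [EMAIL PROTECTED] for cifs/[EMAIL PROTECTED], "
             "Server not found in Kerberos database")
# Constructed sample of a successful request, for contrast.
ISSUE_LINE = ("Jan 31 10:42:10 kdc krb5kdc[7881](info): TGS_REQ (1 etypes {18}) "
              "192.0.2.10: ISSUE: authtime 1170236388, etypes {rep=18 tkt=18 "
              "ses=18}, alice@EXAMPLE.TEST for krbtgt/WIN.EXAMPLE.TEST@EXAMPLE.TEST")

if __name__ == "__main__":
    for sample in (PAGE_LINE, ISSUE_LINE):
        r = parse_tgs_req(sample)
        print(r["status"], r["server"], r["offered"], "weak:", r["weak"])
```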