I'm resending this to the list, because apparently the newsgroup->list process isn't working, and it seems a large number of people don't read the newsgroup. ;)
So, after finally getting my work windows system to talk to our MIT KDC, I thought I'd try and get my new home system to do that, too. However, I'm having absolutely no luck. I followed the directions mailed to me last time on doing this, which is what worked for my work system, and it doesn't work for my home system. ksetup on my work system shows: (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\quanah>ksetup default realm = stanford.edu (external) stanford.edu: kdc = krb5auth1.stanford.edu kdc = krb5auth2.stanford.edu kdc = krb5auth3.stanford.edu Realm Flags = 0x0 none Mapping [EMAIL PROTECTED] to quanah. ksetup on my home system shows: Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Documents and Settings\quanah>ksetup default realm = stanford.edu (external) stanford.edu: kdc = krb5auth1.stanford.edu kdc = krb5auth2.stanford.edu kdc = krb5auth3.stanford.edu Realm Flags = 0x0 none Mapping [EMAIL PROTECTED] to quanah. So, that looks right to me. On the KDC side for my work system: Principal: host/[EMAIL PROTECTED] Expiration date: [never] Last password change: Thu Jun 29 11:16:19 PDT 2006 Password expiration date: [none] Maximum ticket life: 1 day 01:00:00 Maximum renewable life: 7 days 00:00:00 Last modified: Thu Jun 29 11:21:45 PDT 2006 (quanah/[EMAIL PROTECTED]) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 3 Key: vno 1, DES cbc mode with CRC-32, no salt Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt Attributes: Policy: default On the KDC side for my home system: k5admin: getprinc host/sw-90-717-287-3.stanford.edu Principal: host/[EMAIL PROTECTED] Expiration date: [never] Last password change: Fri Jan 19 10:38:42 PST 2007 Password expiration date: [none] Maximum ticket life: 1 day 01:00:00 Maximum renewable life: 7 days 00:00:00 Last modified: Fri Jan 19 10:45:05 PST 2007 (quanah/[EMAIL PROTECTED]) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 3 Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt Key: vno 1, DES cbc mode with CRC-32, no salt Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt Attributes: Policy: default Again, these match up. When I attempt to log in to the stanford.edu domain on my home Windows system, I get the following error: "The system could not log you on. Make sure your User name and domain are correct, then type your password again." Well, I'm sure both are correct, and I'm sure my password is correct, too, because the KDC shows that my home system successfully talked to it, and got all the tickets it should: Jan 19 10:47:48 kerberos1 krb5kdc[8666]: AS_REQ (1 etypes {1}) 171.66.155.86: NEEDED_PREAUTH: [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED], Additional pre-authentication required Jan 19 10:47:48 kerberos1 krb5kdc[8666]: AS_REQ (1 etypes {1}) 171.66.155.86: ISSUE: authtime 1169232468, etypes {rep=1 tkt=16 ses=1}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED] On both systems, my computer is part of the workgroup "stanford.edu". Any thoughts on why identical setups aren't working much appreciated. One other detail since I first sent this out -- My home system will now not allow me to become the member of a domain, either. --Quanah -- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos