Can you get a packet capture with wireshark on port 88 when you start putty and connect to your server ?
Markus "Miguel Sanders" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Ok I narrowed the problem. > It seems that whever the user has more than 20 groups, SSO on XP2 > won't work. Below 20 groups it works OK. In XP1 there is no problem on > the amount of group memberhips. I assume that the Cross Realm Object > needs the NO_AUTH_REQUIRED field set in userAccountControl. However > the DNS admin reports that he gets "Access Denied" when trying to edit > that field of the Cross Realm object... > > On 31 jul, 23:24, "Markus Moeller" <[EMAIL PROTECTED]> wrote: >> Can you add the SPN with REALM into the SPN field under ssh->GSSAPI e.g. >> >> host/[EMAIL PROTECTED] >> >> I think Vintella is adding the default domain otherwise. Not sure if that >> is >> a bug or if I missed configuration setting. >> >> Markus >> >> "Miguel Sanders" <[EMAIL PROTECTED]> wrote in message >> >> news:[EMAIL PROTECTED] >> >> >> >> >I see that I receive the cross realm ticket. >> > However I don't receive any service ticket! >> >> > On 30 jul, 21:53, "Markus Moeller" <[EMAIL PROTECTED]> wrote: >> >> Can you use kerbtray to see if you get the service principal ? >> >> >> Markus >> >> >> "Miguel Sanders" <[EMAIL PROTECTED]> wrote in message >> >> >>news:[EMAIL PROTECTED] >> >> >> > Markus, I already tried editing that setting but no luck either... >> >> > Everytime I think I am done with this setup, there is a new issue... >> >> > However, the SSO from the Linux clients to the UNIX KDCs worked >> >> > instantly! >> >> >> > On 30 jul, 20:52, "Markus Moeller" <[EMAIL PROTECTED]> wrote: >> >> >> You might need this: >> >> >> >> "This new feature has been seen in Windows 2003 Server, Windows >> >> >> 2000 >> >> >> Server >> >> >> SP4, and Windows XP SP2. We assume that it will be implemented in >> >> >> all >> >> >> future Microsoft operating systems supporting the Kerberos SSPI. >> >> >> Microsoft >> >> >> does work closely with MIT and has provided a registry key to >> >> >> disable >> >> >> this >> >> >> new feature. >> >> >> >> HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters >> >> >> AllowTGTSessionKey = 0x01 (DWORD)On Windows XP SP2 the key is >> >> >> specified >> >> >> as >> >> >> >> HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos >> >> >> AllowTGTSessionKey = >> >> >> 0x01 (DWORD)"as described >> >> >> herehttp://web.mit.edu/kerberos/kfw-2.6/kfw-2.6.5/relnotes.html#mslsa >> >> >> >> Regards >> >> >> Markus >> >> >> >> "Miguel Sanders" <[EMAIL PROTECTED]> wrote in message >> >> >> >>news:[EMAIL PROTECTED] >> >> >> >> > Dear all >> >> >> >> > I don't know whether or not I should post this here or in >> >> >> > microsoft.xp.client but I will do both. >> >> >> > After successfully implementing a cross realm trust between AD >> >> >> > and a >> >> >> > UNIX realm, it seems that the clients that user SP1 can >> >> >> > successfully >> >> >> > have SSO to the UNIX machine whereas the SP2 people can't. Can >> >> >> > anyone >> >> >> > help me out, since I am not a Windows expert :-) >> >> >> > The tool I use for SSO on the Windows clients is Vintella Putty >> >> >> > 0.60 >> >> >> > q1.129. >> >> >> >> > Kind regards >> >> >> >> > Miguel >> >> >> >> > ________________________________________________ >> >> >> > Kerberos mailing list [EMAIL PROTECTED] >> >> >> >https://mailman.mit.edu/mailman/listinfo/kerberos-Tekstuit >> >> >> >oorspronkelijk bericht niet weergeven - >> >> >> >> - Tekst uit oorspronkelijk bericht weergeven - >> >> >> > ________________________________________________ >> >> > Kerberos mailing list [EMAIL PROTECTED] >> >> >https://mailman.mit.edu/mailman/listinfo/kerberos-Tekst uit >> >> >oorspronkelijk bericht niet weergeven - >> >> >> - Tekst uit oorspronkelijk bericht weergeven - >> >> > ________________________________________________ >> > Kerberos mailing list [EMAIL PROTECTED] >> >https://mailman.mit.edu/mailman/listinfo/kerberos- Tekst uit >> >oorspronkelijk bericht niet weergeven - >> >> - Tekst uit oorspronkelijk bericht weergeven - > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
