<HTML xmlns:o = "urn:schemas-microsoft-com:office:office"><HEAD><TITLE>Samsung
Enterprise Portal mySingle</TITLE>
<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
<STYLE id=mysingle_style type=text/css>P {
MARGIN-TOP: 5px; FONT-FAMILY: Arial, arial; MARGIN-BOTTOM: 5px;
FONT-SIZE: 9pt
}
TD {
MARGIN-TOP: 5px; FONT-FAMILY: Arial, arial; MARGIN-BOTTOM: 5px;
FONT-SIZE: 9pt
}
LI {
MARGIN-TOP: 5px; FONT-FAMILY: Arial, arial; MARGIN-BOTTOM: 5px;
FONT-SIZE: 9pt
}
BODY {
LINE-HEIGHT: 1.4; MARGIN: 10px; FONT-FAMILY: Arial, arial; FONT-SIZE:
9pt
}
</STYLE>
<META name=GENERATOR content=ActiveSquare></HEAD>
<BODY>
<META name=GENERATOR content=ActiveSquare>
<P><SPAN style="FONT-SIZE: 10pt"><SPAN style="FONT-SIZE: 9pt">Hi
All,</SPAN><o:p><SPAN style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE:
9pt">Please guide me to get cross realm authentication working under
windows 2008 server environment.</SPAN><o:p><SPAN style="FONT-SIZE:
9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 9pt">I
have set up two domain with <STRONG>realm1 </STRONG>and <STRONG>realm
2</STRONG> in 2 different windows servers. I have added a one</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 9pt">way
trust at realm1 for realm2. </SPAN><SPAN style="FONT-SIZE: 9pt">The client
is in realm1 wants to access a server at <STRONG>realm2</STRONG> . I got the
</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE:
9pt">AS-REP with referral ticket for </SPAN><SPAN style="FONT-SIZE: 9pt;
mso-spacerun: yes"> </SPAN><SPAN style="FONT-SIZE: 9pt"><STRONG><A
href="mailto:krbtgt/rea...@realm1";>krbtgt/rea...@realm1</A></STRONG>
</SPAN><SPAN style="FONT-SIZE: 9pt; mso-spacerun: yes"> </SPAN><SPAN
style="FONT-SIZE: 9pt">from realm1 KDC server , Now the problem is</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE:
9pt"> the</SPAN><SPAN style="FONT-SIZE: 9pt; mso-spacerun: yes">
</SPAN><SPAN style="FONT-SIZE: 9pt">I am sending TGS-REQ </SPAN><SPAN
style="FONT-SIZE: 9pt">to KDC server of <STRONG>realm2 </STRONG>by submitting
referral TGT , but the server returns</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE:
9pt"> with a KRB Error: </SPAN><SPAN style="FONT-SIZE:
9pt">KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN </SPAN><SPAN style="FONT-SIZE: 9pt">even
though the principal name is the same</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE:
9pt"> as the name with </SPAN><SPAN style="FONT-SIZE: 9pt">working
condition in single realm setup.</SPAN><o:p><SPAN style="FONT-SIZE:
9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><o:p><SPAN style="FONT-SIZE:
9pt"> </SPAN></o:p><SPAN style="FONT-SIZE: 9pt">In Info in TGS
req.</SPAN><o:p><SPAN style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE:
9pt">Padata field -></SPAN><SPAN style="FONT-SIZE: 9pt; mso-spacerun:
yes"> </SPAN><o:p><SPAN style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 9pt;
mso-spacerun:
yes">
</SPAN><SPAN style="FONT-SIZE: 9pt">Tkt-vno: 5</SPAN><o:p><SPAN
style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="COLOR: #404040;
FONT-SIZE: 9pt; mso-spacerun: yes; mso-fareast-font-family: 'Times New Roman';
mso-fareast-theme-font: minor-fareast; mso-no-proof:
yes">
</SPAN><SPAN style="COLOR: #404040; FONT-SIZE: 9pt; mso-fareast-font-family:
'Times New Roman'; mso-fareast-theme-font: minor-fareast; mso-no-proof:
yes">Realm: realm1.com</SPAN><o:p><SPAN style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="COLOR: #404040;
FONT-SIZE: 9pt; mso-spacerun: yes; mso-fareast-font-family: 'Times New Roman';
mso-fareast-theme-font: minor-fareast; mso-no-proof:
yes">
</SPAN><SPAN style="COLOR: #404040; FONT-SIZE: 9pt; mso-fareast-font-family:
'Times New Roman'; mso-fareast-theme-font: minor-fareast; mso-no-proof:
yes">Server Name (Principal): krbtgt/realm2.com</SPAN><o:p><SPAN
style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><o:p><SPAN style="COLOR:
#404040; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman';
mso-fareast-theme-font: minor-fareast; mso-no-proof:
yes"> </SPAN></o:p><SPAN style="COLOR: #404040; FONT-SIZE: 9pt;
mso-fareast-font-family: 'Times New Roman'; mso-fareast-theme-font:
minor-fareast; mso-no-proof: yes">Kdc-Req-body-></SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="COLOR: #404040;
FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman';
mso-fareast-theme-font: minor-fareast; mso-no-proof: yes"></SPAN><SPAN
style="FONT-SIZE: 9pt; mso-spacerun:
yes">
</SPAN><SPAN style="FONT-SIZE: 9pt">Realm: REALM2.COM</SPAN><o:p><SPAN
style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 9pt;
mso-spacerun:
yes">
</SPAN><SPAN style="FONT-SIZE: 9pt">Server Name (Principal):
ldap/win2003dpdnic.realm2.com</SPAN><o:p><SPAN style="FONT-SIZE:
9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><o:p><SPAN style="FONT-SIZE:
9pt"> </SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><o:p><SPAN style="FONT-SIZE:
9pt"></SPAN></o:p><SPAN style="FONT-SIZE: 9pt">Please guide me on
identifying and resolve the problem for cross realm
authentication. </SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE:
9pt"></SPAN> </P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE:
9pt">Thanks and Regards</SPAN><o:p><SPAN style="FONT-SIZE:
9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE:
9pt">Naveen</SPAN><o:p><SPAN style="FONT-SIZE: 9pt"></SPAN></o:p></P></SPAN>
<P> </P><!--SP:naveen.bn--><!--naveen.bn:EP-->
<P> </P></BODY></HTML><img
src='http://ext.samsung.net/mailcheck/SeenTimeChecker?do=819bad59c7908697f44e562e0b410c2369df4a29e858fba74b240a564ff6e9cb7c86263f3d414723d2cb7c2a93c43c11a728c55b39cc59eacf878f9a26ce15a0'
border=0 width=0 height=0 style='display:none'>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
