Hi, I am playing with Windows 7 and Kerberos authentication with MIT Kerberos 1.8.3.
My test is the following: Autenticate a Windows 7 with Kerberos. So, i have installed a test Windows 7, and a test OpenSuSE 11.4 with kerberos. Configured Kerberos and installed Kerberos for Windows 3.2.2 on the Windows 7. Tested it with network identity manager, and the client get the ticket perfectly, can change password etc. etc. Then, I have followed the following guide to add a windows 7 to an external KDC: - https://wiki.ncsa.illinois.edu/display/ITS/Windows+7+Kerberos+Login+using+External+Kerberos+KDC so, my kerberos database now have the following keys: K/[email protected] [email protected] [email protected] [email protected] host/[email protected] kadmin/[email protected] kadmin/[email protected] kadmin/[email protected] kadmin/[email protected] krbtgt/[email protected] Then, i try to login with the windows Client, but it says to me "The trust relationship with the domain has failed", or something similar (sorry, is a translation from italian). Into the kerberos log i see this: May 26 12:24:39 afs-test krb5kdc[1498](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 192.168.87.249: ISSUE: authtime 1306405479, etypes {rep=18 tkt=18 ses=18}, [email protected] for krbtgt/[email protected] May 26 12:24:39 afs-test krb5kdc[1498](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 192.168.87.249: ISSUE: authtime 1306405479, etypes {rep=18 tkt=18 ses=18}, [email protected] for host/[email protected] May 26 12:24:39 afs-test krb5kdc[1498](info): AS_REQ (6 etypes {18 17 23 24 -135 3}) 192.168.87.249: ISSUE: authtime 1306405479, etypes {rep=18 tkt=18 ses=18}, host/[email protected] for krbtgt/[email protected] Seems all right, but the client don't login... I have tried also to sniff the network traffic when the autentication is done, and this is the result: 12:26:21.869814 IP 192.168.87.249.49298 > 192.168.87.253.88: v5 12:26:21.870887 IP 192.168.87.253.88 > 192.168.87.249.49298: v5 12:26:21.888886 IP 192.168.87.249.49299 > 192.168.87.253.88: 12:26:21.892069 IP 192.168.87.253.88 > 192.168.87.249.49299: 12:26:21.896066 IP 192.168.87.249.49300 > 192.168.87.253.88: v5 12:26:21.897171 IP 192.168.87.253.88 > 192.168.87.249.49300: v5 All the requests are to Kerberos, nothing more... So what is wrong? Any help is well accepted naturally. Cordially, Claudio Prono. -- -------------------------------------------------------------------------------- Claudio Prono OPST System Developer Gsm: +39-349-54.33.258 @PSS Srl Tel: +39-011-32.72.100 Via San Bernardino, 17 Fax: +39-011-32.46.497 10141 Torino - ITALY http://atpss.net/disclaimer -------------------------------------------------------------------------------- PGP Key - http://keys.atpss.net/c_prono.asc ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
