On 10/11/2012 3:44 PM, Jarek wrote: > Hello! > > I have windows 2008R2 with AD and few Linux servers. > I've installed debian squeeze on one of the servers and next integrated > it with domain (kerberos, winbind, samba etc) with test PDC. > As the SSO with putty was working fine, the system has been cloned to > remaining machines. > Next all Linux servers has been connected to production PDC but > something went wrong: on part of the servers SSO is not working - I have > to use the password. > All servers has exactly same krb5.conf and samba.conf, DNS, NTP has been > triple checked. > kinit, password login, wbinfo, getent works but GSSAPI (from putty) is > working only on part of them. > keytabs has been created with: > > net ads join -U administrator -k > net ads keytab create -U administrator > > When there is a problem with SSO, in the ssh log, I see the message: > Wrong principal in request. > > How can I debug this problem ? > Is there any way to see what principal is send from putty ?
PuTTY has logging capabilities, under Session->Logging. Wireshark on the client would show the Kerberos client to KDC traffic. Windows is case insensitive. Unix is case sensitive it could be a issue with the case of a host name in a service principal. > Are there any other files beside krb5.conf and samba.conf which should > be checked ? > > I have installed simmilar configuration in few systems, and it works > years without any problem, but here I can't find where is the problem. > -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos