Hi! Dear Colleagues,
I'm taking my first steps in using kerberos, our goal is to authenticate
users who wish to use their Windows desktops via FreeIPA.
The issue is that we have done both FreeIPA configuration as in the
windows client, but every time I try to use my credentials that exist in
FreeIPA, I see an error message in windows logs indicating:
The Security System detected an authentication error for the server
DNS/ds1.bbr.cl. The failure code from authentication protocol Kerberos was "No
authority could be contacted for authentication.
(0x80090311)".
The kerberos configuration inside the windows desktop is:
C:\Windows\system32>ksetup
default realm = BBR.CL (external)
BBR.CL:
kdc = testwin10.areaprod.b2b
kpasswd = testwin10.areaprod.b2b
Realm Flags = 0x0No Realm Flags
Mapping all users (*) to a local account by the same name (*).
C:\Windows\system32>
the KDC is tha same desktop.. is ok? or there is a mistake?
I don't know how i can to do debug, for detect the bug in the
configuration.., searching by google, i can to find the following project:
http://blog.michelbarneveld.nl/michel/archive/2009/12/05/kerberos-authentication-tester.aspx
Is very nice the tool, but i need one for debug the authentication using
kerberos againts to freeipa server, no http server..., also i tryed to use
https://support.microsoft.com/en-us/kb/262177, but without success in my
desktop windows 10.
Thanks in advance, if you have any hint for this..
-Pablo
ps: FreeIPa Server configuration for Kerberos
https://www.freeipa.org/page/Windows_authentication_against_FreeIPA
_______________________________________________
kfwdev mailing list
kfwdev@mit.edu
http://mailman.mit.edu/mailman/listinfo/kfwdev
