On Wed, 24 Aug 2016, Pablo Silva wrote: > Hi! Dear Colleagues, > > I'm taking my first steps in using kerberos, our goal is to > authenticate users who wish to use their Windows desktops via FreeIPA. > > The issue is that we have done both FreeIPA configuration as in the > windows client, but every time I try to use my credentials that exist in > FreeIPA, I see an error message in windows logs indicating: > > The Security System detected an authentication error for the server > DNS/ds1.bbr.cl. The failure code from authentication protocol Kerberos was > "No authority could be contacted for authentication. > (0x80090311)". > > The kerberos configuration inside the windows desktop is: > > > C:\Windows\system32>ksetup > default realm = BBR.CL (external) > BBR.CL: > kdc = testwin10.areaprod.b2b > kpasswd = testwin10.areaprod.b2b > Realm Flags = 0x0No Realm Flags > Mapping all users (*) to a local account by the same name (*).
This seems to indicate that you are just using the built-in Windows native Kerberos support, and are not using the MIT Kerberos for Windows distribution (that provides a more Unix-like libkrb5 and GSSAPI interface for software being ported to windows). If so, you may have better luck asking on kerbe...@mit.edu, the general kerberos discussion list, which has more subscribers than this list. -Ben _______________________________________________ kfwdev mailing list kfwdev@mit.edu http://mailman.mit.edu/mailman/listinfo/kfwdev
