Jason D. McCormick wrote:
Richard E. Silverman wrote:
A couple of questions:
1) What are the tkt and skey types on the tickets the client gets? The
etype of the service credentials?
klist -e reports:
(Normally Kerberos does not save a ticket in tha cache if it does not work
so you
Jason D. McCormick wrote:
Douglas E. Engert wrote:
Richard Silverman asked how did you add the principals to AD?
If you used the same AD account for both principals, they will use the
same password to generate the key, and will use the same kvno.
Thus your first problem might be the kvno
Douglas E. Engert wrote:
The problem might be that on the AD account the UserAccountControl flag
does not have the USE_DES_KEY_ONLY 0x20 set, So AD is returning an
ArcFour ticket, which is not in the keytab. ktpass has a /DESOnly option
to set this.
See kb 305144 too.
I'll give that a
Jason D. McCormick wrote:
Douglas E. Engert wrote:
The problem might be that on the AD account the UserAccountControl flag
does not have the USE_DES_KEY_ONLY 0x20 set, So AD is returning an
ArcFour ticket, which is not in the keytab. ktpass has a /DESOnly option
to set this.
See kb
On Jan 7, 2008 11:15 AM, Douglas E. Engert [EMAIL PROTECTED] wrote:
Jason D. McCormick wrote:
Douglas E. Engert wrote:
Why are you using DES? All the newer Kerberos can use ArcFour. So try
ktpass witout the crypto option.
Do you know if the Linux NFSv4 stuff can use ArcFour? I've
Douglas E. Engert wrote:
The problem might be that on the AD account the UserAccountControl flag
does not have the USE_DES_KEY_ONLY 0x20 set, So AD is returning an
ArcFour ticket, which is not in the keytab. ktpass has a /DESOnly option
to set this.
See kb 305144 too.
This is EXACTLY
Richard E. Silverman wrote:
A couple of questions:
1) What are the tkt and skey types on the tickets the client gets? The
etype of the service credentials?
klist -e reports:
Etype (skey, tkt): DES cbc mode with RSA-MD5, ArcFour with HMAC/md5
for the TGT. The keytab lists the key
Douglas E. Engert wrote:
Richard Silverman asked how did you add the principals to AD?
If you used the same AD account for both principals, they will use the
same password to generate the key, and will use the same kvno.
Thus your first problem might be the kvno is not found, in the keytab.
Jason D. McCormick wrote:
Hello,
I'm attempting to get NFSv4 working using Krb5/GSS credentials. I've
successfully set this up a number of times using MIT KDCs. However for
this implementation I have to use existing MS Windows Active Directory
(2003R2) servers as the KDCs
Hello,
I'm attempting to get NFSv4 working using Krb5/GSS credentials. I've
successfully set this up a number of times using MIT KDCs. However for
this implementation I have to use existing MS Windows Active Directory
(2003R2) servers as the KDCs (ad0.loc1.example.com,
ad1.loc1.example.com).
JDC == Jason D McCormick [EMAIL PROTECTED] writes:
JDC Hello, I'm attempting to get NFSv4 working using Krb5/GSS
JDC credentials. I've successfully set this up a number of times
JDC using MIT KDCs. However for this implementation I have to use
JDC existing MS Windows Active
11 matches
Mail list logo