Mike,
We have seen this issues too. A couple of our XP machines don't want to do
Kerberos via HTP. If you use SP2 then there are Hotfixes available, but I
don't recall the Hotfix number right now. Check with Microsoft
Regards
Markus
Michael B Allen [EMAIL PROTECTED] wrote in message
On Fri, 30 Jun 2006 04:10:35 GMT
Jeffrey Altman [EMAIL PROTECTED] wrote:
Michael B Allen wrote:
It could be (2). But it's not specific to IE because the wsh script
generates the same error and it just uses the WinHttpRequest interface. So
it would have to be an machine level or Global
On Fri, 30 Jun 2006 12:18:18 +1000
Luke Howard [EMAIL PROTECTED] wrote:
So if *I* had to guess I would say it's (2). There's some mysterious
security policy GPO or some odd MS thing I don't understand since I
spend 90% of my time in vi :-
Try cranking up KerbDebugLevel and see if you can
It overwrites the follwing patch
http://support.microsoft.com/default.aspx?scid=kb;en-us;885887 which
mentions Kerberos auth problems.
Markus
Markus Moeller [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
The mentioned is hotfix is http://support.microsoft.com/?kbid=906524 and
The mentioned is hotfix is http://support.microsoft.com/?kbid=906524 and
will be available in SP3. It updates the Kerberos dll and solved for us the
issue. Could you let me know if this solved your problem ?
Regards
Markus
Markus Moeller [EMAIL PROTECTED] wrote in message
news:[EMAIL
Turn off NTLM with Group Policy
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of [EMAIL PROTECTED]
Sent: Thursday, June 29, 2006 1:37 PM
To: kerberos@mit.edu
Subject: Windows Clients Won't Do Kerberos
I'm testing a Windows - Apache Kerberos SSO product
That sounds interesting. Note that the customer ran kerbtray and
it shows he has tickets for stuff like cifs/[EMAIL PROTECTED] and
host/[EMAIL PROTECTED] So it looks like the workstations CAN do
Kerberos, they just don't want to do it with the HTTP SPN.
But the group policy thing sounds
On Thu, 29 Jun 2006 16:12:22 -0500
Christopher D. Clausen [EMAIL PROTECTED] wrote:
Michael B Allen [EMAIL PROTECTED] wrote:
I'm testing a Windows - Apache Kerberos SSO product (see sig) with a
customer and it's not working for them. The client is always asking
for NTLM. It never even tries
On Thursday, June 29, 2006 07:12:53 PM -0400 Michael B Allen
[EMAIL PROTECTED] wrote:
I have confirmed with a packet capture that the client never tries
Kerberos. It just tries raw NTLMSSP. No SPNEGO.
Finally, the installer on the Linux machine validates the keytab
credential with
On Thu, 29 Jun 2006 21:04:29 -0400
Jeffrey Hutzelman [EMAIL PROTECTED] wrote:
On Thursday, June 29, 2006 07:12:53 PM -0400 Michael B Allen
[EMAIL PROTECTED] wrote:
I have confirmed with a packet capture that the client never tries
Kerberos. It just tries raw NTLMSSP. No SPNEGO.
So if *I* had to guess I would say it's (2). There's some mysterious
security policy GPO or some odd MS thing I don't understand since I
spend 90% of my time in vi :-
Try cranking up KerbDebugLevel and see if you can find out if the
Kerberos SSP is being invoked.
-- Luke
--
Michael B Allen wrote:
It could be (2). But it's not specific to IE because the wsh script
generates the same error and it just uses the WinHttpRequest interface. So
it would have to be an machine level or Global Policy type of setting.
It could be (4) if there's something wrong with the
12 matches
Mail list logo