Hi,
Did you ever figure out what the problem was ? I'm seeing the same problem but
in a multiple forest configuration with
cross-forest trust. Everything works in my own setup but not a customer site.
Thanks,
Lily
Kerberos mailing list
Mike,
We have seen this issues too. A couple of our XP machines don't want to do
Kerberos via HTP. If you use SP2 then there are Hotfixes available, but I
don't recall the Hotfix number right now. Check with Microsoft
Regards
Markus
Michael B Allen [EMAIL PROTECTED] wrote in message
On Fri, 30 Jun 2006 04:10:35 GMT
Jeffrey Altman [EMAIL PROTECTED] wrote:
Michael B Allen wrote:
It could be (2). But it's not specific to IE because the wsh script
generates the same error and it just uses the WinHttpRequest interface. So
it would have to be an machine level or Global
On Fri, 30 Jun 2006 12:18:18 +1000
Luke Howard [EMAIL PROTECTED] wrote:
So if *I* had to guess I would say it's (2). There's some mysterious
security policy GPO or some odd MS thing I don't understand since I
spend 90% of my time in vi :-
Try cranking up KerbDebugLevel and see if you can
It overwrites the follwing patch
http://support.microsoft.com/default.aspx?scid=kb;en-us;885887 which
mentions Kerberos auth problems.
Markus
Markus Moeller [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
The mentioned is hotfix is http://support.microsoft.com/?kbid=906524 and
The mentioned is hotfix is http://support.microsoft.com/?kbid=906524 and
will be available in SP3. It updates the Kerberos dll and solved for us the
issue. Could you let me know if this solved your problem ?
Regards
Markus
Markus Moeller [EMAIL PROTECTED] wrote in message
news:[EMAIL
I'm testing a Windows - Apache Kerberos SSO product (see sig) with a
customer and it's not working for them. The client is always asking for
NTLM. It never even tries Kerberos. I know it's not browser settings
because I wrote a simple wsh script and it too only tries NTLMSSP
(whereas on my test
Turn off NTLM with Group Policy
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of [EMAIL PROTECTED]
Sent: Thursday, June 29, 2006 1:37 PM
To: kerberos@mit.edu
Subject: Windows Clients Won't Do Kerberos
I'm testing a Windows - Apache Kerberos SSO product
@mit.edu
Subject: Windows Clients Won't Do Kerberos
I'm testing a Windows - Apache Kerberos SSO product (see sig) with a
customer and it's not working for them. The client is always asking for
NTLM. It never even tries Kerberos. I know it's not browser settings
because I wrote a simple wsh
On Thu, 29 Jun 2006 16:12:22 -0500
Christopher D. Clausen [EMAIL PROTECTED] wrote:
Michael B Allen [EMAIL PROTECTED] wrote:
I'm testing a Windows - Apache Kerberos SSO product (see sig) with a
customer and it's not working for them. The client is always asking
for NTLM. It never even tries
On Thursday, June 29, 2006 07:12:53 PM -0400 Michael B Allen
[EMAIL PROTECTED] wrote:
I have confirmed with a packet capture that the client never tries
Kerberos. It just tries raw NTLMSSP. No SPNEGO.
Finally, the installer on the Linux machine validates the keytab
credential with
On Thu, 29 Jun 2006 21:04:29 -0400
Jeffrey Hutzelman [EMAIL PROTECTED] wrote:
On Thursday, June 29, 2006 07:12:53 PM -0400 Michael B Allen
[EMAIL PROTECTED] wrote:
I have confirmed with a packet capture that the client never tries
Kerberos. It just tries raw NTLMSSP. No SPNEGO.
So if *I* had to guess I would say it's (2). There's some mysterious
security policy GPO or some odd MS thing I don't understand since I
spend 90% of my time in vi :-
Try cranking up KerbDebugLevel and see if you can find out if the
Kerberos SSP is being invoked.
-- Luke
--
Michael B Allen wrote:
It could be (2). But it's not specific to IE because the wsh script
generates the same error and it just uses the WinHttpRequest interface. So
it would have to be an machine level or Global Policy type of setting.
It could be (4) if there's something wrong with the
14 matches
Mail list logo