u might find this Microsoft article on UDP, TCP, VPN and fragmented
packets of interest:
http://support.microsoft.com/kb/244474/
>
> Thanks Again
> Sandeep
>
>
> On 9/5/06, Douglas E. Engert <[EMAIL PROTECTED]> wrote:
>
>>
>> Sould have cc'ed you o
ndeep
On 9/5/06, Douglas E. Engert <[EMAIL PROTECTED]> wrote:
>
> Sould have cc'ed you on this response.
>
>
> Original Message ----
> Subject: Re: krb5 malformed over satellite link
> Date: Tue, 05 Sep 2006 16:59:39 -0500
> From: Douglas E. En
He could try forcing the use of TCP by adding
udp_preference_limit = 1
to the krb5.conf [libdefaults]
i.e. al packets over 1 byte will try TCP before UDP.
Since Active directory is going to return a PAC in the ticket,
most tickets will be big and will need to fall over to
using TCP anyway.
Marku
Do you use a IPSEC VPN over the satelite link or is the mtu smaller than
1500 bytes ? This might be a problem if the already fragmented packet has
to be fragmented again.
Regards
Markus
"Sandeep Bhardwaj" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> hi
>
> we are trying to m
hi
we are trying to make active directory set up of windows over the satellite
link to work ever thing is working excpet that my krb5 TGS-REQ packet comes
fragmented 1514(ip) and 61(udp) and when it reaches the other side- server
side it losses the encrypted heade and sniffer shows the packet as