> -----Original Message-----
> From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Sumit Bose
> Sent: Monday, September 30, 2013 3:47 PM
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] krb5kdc Additional pre-authentication required
> 
> On Mon, Sep 30, 2013 at 03:20:46PM +0100, Mohan Cheema wrote:
> > Hi,
> >
> >
> >
> > We are trying to authenticate from Windows machine and getting below
> > error.
> >
> >
> >
> > --------------------
> > Sep 30 14:07:34 kdc1.domain.com krb5kdc[10105](info): AS_REQ (7 etypes {18 17 23 3 1 24 -135}) 10.43.2.45: NEEDED_PREAUTH: u...@domain.com for krbtgt/domain....@domain.com, Additional pre-authentication required
> 
> This is expected behaviour. The client will first send the AS-REQ
> without any pre-authentication data. If the server requires
> pre-authentication for this principal it will return this error to the
> client to indicate that pre-authentication is expected.
> >
> > Sep 30 14:07:34 kdc1.domain.com krb5kdc[10105](info): AS_REQ (7 etypes {18 17 23 3 1 24 -135}) 10.43.2.45: ISSUE: authtime 1380550054, etypes {rep=18 tkt=18 ses=18}, u...@domain.com for krbtgt/domain....@domain.com
> 
> In the second AS-REQ the client has included some pre-authentication
> data which is accepted by the KDC and a ticket is issued to the client.
> 
> HTH
> 
> bye,
> Sumit
> 
> >
> > Sep 30 14:07:34 kdc1.domain.com krb5kdc[10105](info): TGS_REQ (7 etypes {18 17 23 3 1 24 -135}) 10.43.2.45: ISSUE: authtime 1380550054, etypes {rep=18 tkt=23 ses=23}, u...@domain.com for host/av.domain....@domain.com
> > --------------------
> >
> >
> >
> > We followed the instructions to integrate Windows for authentication.
> >
> >
> >
> > Windows Client: Windows server 2008 R2
> >
> >
> >
> > We are not able to figure out what the problem is.
> >
> >
> >
> > We are not using DNS server, instead we are using host file entries. DNS
> > server setup is not an option for us right now.
> >
> >
> >
> > Same user can authenticate from Linux machine.
> >
> >
> >
> > Regards,
> >
> >
> >
> > Mohan Cheema
> >
> >
> >
> 
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users@redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> 

Thanks for the info Sumit.

However, if a ticket is issued, the user should be able to log in to the system. Instead,
on Windows we are getting "user name or password is incorrect". Are there
any other settings that need to be done so that the user can log in to the system?


Regards,

Mohan
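
The two-step AS exchange described in the quoted reply, as an added example that is not part of the original message: Python that pairs each NEEDED_PREAUTH line with the AS_REQ ISSUE that answers it and lists challenges never followed by a ticket. The log lines are constructed in the krb5kdc format quoted above; the principals, hostnames and the second client address are placeholders, and `summarize` is a hypothetical helper name.

```python
import re

# Constructed sample in the krb5kdc format quoted in the thread, one request
# per line. Principals, hostnames and the 192.0.2.10 client are placeholders.
SAMPLE_LOG = """\
Sep 30 14:07:34 kdc1.example.com krb5kdc[10105](info): AS_REQ (7 etypes {18 17 23 3 1 24 -135}) 10.43.2.45: NEEDED_PREAUTH: user@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Additional pre-authentication required
Sep 30 14:07:34 kdc1.example.com krb5kdc[10105](info): AS_REQ (7 etypes {18 17 23 3 1 24 -135}) 10.43.2.45: ISSUE: authtime 1380550054, etypes {rep=18 tkt=18 ses=18}, user@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Sep 30 14:07:34 kdc1.example.com krb5kdc[10105](info): TGS_REQ (7 etypes {18 17 23 3 1 24 -135}) 10.43.2.45: ISSUE: authtime 1380550054, etypes {rep=18 tkt=23 ses=23}, user@EXAMPLE.COM for host/av.example.com@EXAMPLE.COM
Sep 30 14:09:02 kdc1.example.com krb5kdc[10105](info): AS_REQ (7 etypes {18 17 23 3 1 24 -135}) 192.0.2.10: NEEDED_PREAUTH: other@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Additional pre-authentication required
"""

LINE_RE = re.compile(
    r"(?P<req>AS_REQ|TGS_REQ) \(\d+ etypes \{[^}]*\}\) (?P<addr>\S+): "
    r"(?P<status>[A-Z_]+): (?P<rest>.*)")
PRINC_RE = re.compile(r"(?P<client>\S+) for (?P<service>[^\s,]+)")
# Ticket enctype: 18 is aes256-cts-hmac-sha1-96, 23 is rc4-hmac.
TKT_RE = re.compile(r"tkt=(-?\d+)")

def summarize(log_text):
    """Pair NEEDED_PREAUTH challenges with the AS_REQ ISSUE that answers them.

    Returns (issued, unanswered). issued holds tuples of
    (request, client, service, ticket_etype, answered_a_challenge);
    unanswered holds (addr, client) challenges that never led to a ticket.
    """
    open_challenges = set()  # (addr, client, service) awaiting a second AS-REQ
    issued = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        p = PRINC_RE.search(m["rest"]) if m else None
        if not p:
            continue  # not a request line in the expected format
        key = (m["addr"], p["client"], p["service"])
        if m["status"] == "NEEDED_PREAUTH":
            open_challenges.add(key)
        elif m["status"] == "ISSUE":
            answered = m["req"] == "AS_REQ" and key in open_challenges
            if answered:
                open_challenges.remove(key)
            tkt = TKT_RE.search(m["rest"])
            issued.append((m["req"], p["client"], p["service"],
                           int(tkt.group(1)) if tkt else None, answered))
    unanswered = sorted((addr, client) for addr, client, _ in open_challenges)
    return issued, unanswered

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A NEEDED_PREAUTH that is paired with an ISSUE is the normal exchange; only entries in the unanswered list indicate a client that did not complete pre-authentication.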
