Glenn Holmer wrote:
> On Fri, 2009-10-02 at 18:02 -0600, Shawn M Emery wrote:
>
>> Natalie Li wrote:
>>
>>> Forwarding this to kerberos-discuss for investigation on the
>>> KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN error returned by a Windows 2008 SP2
>>> domain controller upon receipt of the KPASSWD request (RFC 3244).
>>>
>> Please provide krb-diag output from the affected client using the
>> following instructions and script from:
>>
>> http://opensolaris.org/os/project/kerberos/Debuggin
>>
>
> Attached.
>

Attempts to perform initial auth from the keytab file for the host service key yield a pre-authentication error. Looking at the associated keys in the keytab file, we observe them to be vno 1, which means that kclient was able to create the account but unable to set the password of the associated computer after initial creation.

Have you ever run kclient in which the account was removed first and then recreated? If you haven't, then can you test this? If you have, then please run the following command on your DC, after you have attempted to join your domain, and provide the subsequent output:

    dsquery * cn=shadow,cn=computers,dc=WEYGROUP,dc=LOCAL -attr *

--
Shawn.