It sounds like you have a Win2K Pro machine (say, WIN2KPRO), and you are trying to add a realm (say, REALM) to it. You want to map WIN2KPRO\LocalUser to [EMAIL PROTECTED] If I'm wrong about your setup, please correct me.
If so, then: 1. logging on with WIN2KPRO\LocalUser (with the local password) should not generate any traffic on the KDC-- it's a local logon. Kerberos is not involved. 2. Logging on with [EMAIL PROTECTED] (with the Kerberos password) should generate KDC traffic. If you're unsure, use tcpdump or Netmon to take a sniff. ----- This message or posting is provided "AS IS" with no warranties, and confers no rights. Any opinions or policies stated within are my own and do not necessarily constitute those of my employer. I reside in Washington, USA, where Title 19 declares that sending me Unsolicited Commercial Email can result in a $500 fine. Harvesting of this address for purposes of bulk email (spam and UCE) is expressly prohibited unless by my explicit prior request. I retaliate viciously against spammers and spam sites. > -----Original Message----- > From: Josef Allen [mailto:[EMAIL PROTECTED]] > Sent: Friday, June 07, 2002 12:19 AM > To: [EMAIL PROTECTED] > Subject: win2k and kerberosV(mit) > > > I have recently followed the how to for a win2kpro to use a > mit kdc server. I followed all of the directions. I then > rebooted the win2kpro (windows 2000 professional). Ichecked > to see if I had different domains. Namely the domain that is > in question was the kdc domain name and the name of the > standalone win2kpro. I noticed that I had both domains. I > then mapped a user from a win2kpro user to a user@REALM using > the ksetup utility. Of course I had created a local account > already for the user on the win2kpro. I then tried to use the > account using my newly created domain. I had success. Now > that I have painted this picture let me tell you what went WRONG. > > I checked the krb5kdc.log file and saw no activity. > I checked the kadmind.log file and saw no activity. > > I tried to logon to the win2kpro machine with a user that was > created for the local machine BUT was not mapped to the mit > kdc. I was successful in logging on via the kdc domain. > > Thus how can I tell when I truly have interoperability. > > > > Josef De Vaughn Allen > z > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > http://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
