This is what you said Rohit Kumar Mehta > Thanks Russ, I think you might have found something. > I did the command you suggested ssh -ddd 2>/tmp/err.txt > and found an interesting message in the long file it created. > > debug1: Miscellaneous failure > No principal in keytab matches desired name. > > My krb5.keytab looks like this: > nfsv4etch:~# ktutil > ktutil: rkt /etc/krb5.keytab > ktutil: l > slot KVNO Principal > ---- ---- > --------------------------------------------------------------------- > 1 4 host/[EMAIL PROTECTED] > > Does that look like it's generated properly? > > Rohit > > Russ Allbery wrote: >> Rohit Kumar Mehta <[EMAIL PROTECTED]> writes: >> >> >>>I tried that command and it seems to work: >> >> >>>nfsv4etch:~# kinit -S host/nfsv4etch.engr.uconn.edu >>> [EMAIL PROTECTED] >>>Password for [EMAIL PROTECTED]: >>>nfsv4etch:~# klist >>>Ticket cache: FILE:/tmp/krb5cc_0 >>>Default principal: [EMAIL PROTECTED] >> >> >>>Valid starting Expires Service principal >>>10/10/06 17:19:07 10/11/06 03:19:12 >>>host/[EMAIL PROTECTED] >>> renew until 10/11/06 17:19:07 >> >> >> >>>Kerberos 4 ticket cache: /tmp/tkt0 >>>klist: You have no tickets cached >>
Here are some other places where I have discussed this topic: http://www.linuxquestions.org/questions/showthread.php?t=371848&page=2 http://www.winlinanswers.com/community/viewtopic.php?t=37 http://blog.scottlowe.org/2006/04/27/linux-ad-integration-with-windows-server-2003-r2/ http://blog.scottlowe.org/2006/08/08/linux-active-directory-and-windows-server-2003-r2-revisited/ Note that there is a bug in Windows 2003 SP1 ktpass utility when creating keytab files used with secure connections. You can get a fix from MS. You can find the link to MS article which discusses the bug from the links above. Although I have a "working" solution, which can be found from the above articles, I would like hear what your final configuration looks like. There are still several things I do not like with my configuration and would like to improve on the configuration so that it is more then just functional. Thanks. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
