Hello, I need some help with the cross-realm.
I have MIT KDC, an Active Directory on Windows Server 2008 Enterprise, and a Windows 7 (in the Windows domain) as a client for test. What I want to do is to log onto Windows 7 with the MIT Kerberos accounts.

I've created and configured:
-- on MIT KDC, adding the "krbtgt/[email protected]" and "krbtgt/[email protected]" principals;
-- on Windows 2008, creating the trust relationship with the MIT KDC (Direct Outbound);
-- on both Windows 7 and Windows Server 2008, using "ksetup /addRealm ......" to add the MIT Kerberos realm;
-- on Windows 7, enabling the DES encryption, but not on the 2008 server, as I could not find a way to do that;
-- on Windows Server 2008, creating the same users as in MIT KDC, and mapping them to MIT Kerberos principals.

The problem is, I cannot log onto Windows 7 by using the MIT Kerberos username and password. I've got these 2 types of error messages: sometimes "user name and password is incorrect", and sometimes "the trust relationship between this workstation and the primary domain failed".

In the MIT KDC's log file, there is the message "mitkdc.mydomain.comkrb5kdc[6735](info): AS_REQ (7 etypes {18 17 23 3 1 24 -135}) ...: ISSUE: authtime 1282578442, etypes {rep=23 tkt=16 ses=23}, [email protected] krbtgt/ [email protected]". And in Active Directory I see nothing wrong, nor on Windows 7.

However, if I don't add my Windows 7 to Active Directory, but to the MIT Kerberos domain, everything works. I can authenticate the standalone workstation (Windows 7) against MIT Kerberos without problem (by activating the guest account on Windows 7, and mapping * to the guest account).

I've been blocked for weeks on this. Does anyone have any ideas to help me?

Thank you!
Claudia

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
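The krb5kdc log line quoted in the message above records the encryption types the client offered and the ones the KDC chose for the reply, ticket and session key. As an added example (not part of the original post), this Python parser decodes such a line; the principal names in the sample are placeholders, and the weak/legacy ratings are this example's own labels.

```python
import re

# Kerberos etype numbers (IANA registry); ratings are this example's labels.
ETYPES = {
    1: ("des-cbc-crc", "weak"),
    3: ("des-cbc-md5", "weak"),
    16: ("des3-cbc-sha1", "legacy"),
    17: ("aes128-cts-hmac-sha1-96", "ok"),
    18: ("aes256-cts-hmac-sha1-96", "ok"),
    23: ("rc4-hmac", "legacy"),
    24: ("rc4-hmac-exp", "weak"),
}

# Requested list, then the rep/tkt/ses triple the KDC logs on ISSUE.
REQ_RE = re.compile(r"(AS_REQ|TGS_REQ) \((\d+) etypes \{([-\d ]+)\}\)")
ISSUE_RE = re.compile(r"etypes \{rep=(-?\d+) tkt=(-?\d+) ses=(-?\d+)\}")


def describe(etype):
    """Return (name, rating); negative numbers are private-use values."""
    return ETYPES.get(etype, ("private-use" if etype < 0 else "unknown", "unknown"))


def parse_kdc_line(line):
    """Extract requested and issued etypes from one krb5kdc log line."""
    req = REQ_RE.search(line)
    issue = ISSUE_RE.search(line)
    if not req or not issue:
        return None
    requested = [int(n) for n in req.group(3).split()]
    issued = dict(zip(("rep", "tkt", "ses"), map(int, issue.groups())))
    return {
        "type": req.group(1),
        "requested": [(n, *describe(n)) for n in requested],
        "issued": {k: (n, *describe(n)) for k, n in issued.items()},
        # A session key type the client never offered would be unusable to it.
        "session_key_offered": issued["ses"] in requested,
        # The ticket etype follows the service key, not the client's list.
        "ticket_etype_in_client_list": issued["tkt"] in requested,
    }


# Log line from the post; elided principal names replaced by placeholders.
SAMPLE = ("krb5kdc[6735](info): AS_REQ (7 etypes {18 17 23 3 1 24 -135}) ...: "
          "ISSUE: authtime 1282578442, etypes {rep=23 tkt=16 ses=23}, "
          "user@REALM.EXAMPLE krbtgt/REALM.EXAMPLE@REALM.EXAMPLE")
```

Calling `parse_kdc_line(SAMPLE)` shows the ticket encrypted with etype 16 (des3-cbc-sha1), a type absent from the list the Windows client offered, while the reply and session key use etype 23 (rc4-hmac).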
