Hi folks,
I have been trying to configure a WinXP client to authenticate against MIT
Kerberos V with no success (Linux clients all work fine)...
I would be very grateful if anyone can help me. I have used ksetup.exe on
the Windows clients to configure REALM, KDC and so on.
This is what I have configured so far:

========================== kdc.conf ===============================

[root@centos]# cat /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
 v4_mode = nopreauth
 kdc_tcp_ports = 88

[realms]
EXAMPLE.COM = {
  database_name = /var/kerberos/krb5kdc/principal
  master_key_type = des3-hmac-sha1
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/krb5.keytab
  supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
  default_principal_flags = -preauth
}

=========================
[root@centos]# kadmin.local
Authenticating as principal root/[email protected] with password.
kadmin.local:  listprincs
K/[email protected]
*[email protected]
host/[email protected]*
kadmin/[email protected]
kadmin/[email protected]
kadmin/[email protected]
krbtgt/[email protected]
root/[email protected]

============================ named.conf =============================
centos                IN    A    172.24.16.97
winxp                         IN    A    172.24.16.135
_ldap._tcp.                IN    SRV    0    0    389    centos
_ldap._tcp.dc._msdcs        IN    SRV    0    0    389    centos
_kerberos._tcp            IN    SRV    0    0    88    centos
_kerberos._tcp.dc._msdcs    IN    SRV    0    0    88    centos
_kerberos._udp            IN    SRV    0    0    88    centos
_kerberos._udp.dc._msdcs    IN    SRV    0    0    88    centos
kerberos            IN    CNAME    centos

******FORWARD AND REVERSE LOOKUP WORK FINE*******

======================= ksetup (WindowsXP) =======================

C:\Documents and Settings\Administrator>hostname
winxp

C:\Documents and Settings\Administrator>*ksetup*
default realm = EXAMPLE.COM (external)
EXAMPLE.COM:
        kdc = centos.example.com
        Realm Flags = 0xf SendAddress TcpSupported Delegate NcSupported
Mapping [email protected] to guest.


======================= FAILED WINDOWS LOGIN ==========================

Apr 01 13:16:33 laptop61a krb5kdc[6812](info): AS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 172.24.16.136: ISSUE: authtime 1301660193, etypes {rep=23 tkt=16 ses=23}, [email protected] for krbtgt/[email protected]
Apr 01 13:16:33 laptop61a krb5kdc[6812](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 172.24.16.136: ISSUE: authtime 1301660193, etypes {rep=23 tkt=16 ses=23}, [email protected] for host/[email protected]

No logs found in MS Event Viewer

======================= LINUX CLIENT IS FINE =======================
user@linuxclient:~$ kinit user
Password for [email protected]:

user@linuxclient:~$ klist -fe
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: [email protected]

Valid starting     Expires            Service principal
04/01/11 13:10:45  04/02/11 13:10:45  krbtgt/[email protected]
    renew until 04/01/11 13:10:45, Flags: FPRI
    Etype (skey, tkt): Triple DES cbc mode with HMAC/sha1, Triple DES cbc mode with HMAC/sha1
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
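
Added example, not part of the original message: a small Python decoder for the krb5kdc AS_REQ/TGS_REQ lines in the failed-login section, mapping etype numbers to names and marking the ones deprecated by RFC 6649. The function names are hypothetical, and the sample principals (user@EXAMPLE.COM, host/winxp.example.com@EXAMPLE.COM) are placeholders for the names redacted on the page.

```python
import re

# Etype numbers from the IANA Kerberos registry; negatives are private-use.
ETYPES = {
    1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
    17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
    23: "arcfour-hmac", 24: "arcfour-hmac-exp",
}
WEAK = {1, 2, 3, 24}  # single DES and export RC4, deprecated by RFC 6649

LINE = re.compile(
    r"(?P<req>AS_REQ|TGS_REQ) \(\d+ etypes \{(?P<offered>[^}]*)\}\) "
    r"(?P<addr>[\d.]+): (?P<status>[A-Z_]+): "
    r"(?:authtime \d+, etypes \{rep=(?P<rep>-?\d+) tkt=(?P<tkt>-?\d+) "
    r"ses=(?P<ses>-?\d+)\}, )?(?P<client>\S+) for (?P<service>[^\s,]+)"
)

def name(etype):
    if etype < 0:
        return f"private-use({etype})"
    return ETYPES.get(etype, f"unknown({etype})")

def parse(line):
    """Decode one krb5kdc request line; None if it is not AS_REQ/TGS_REQ."""
    m = LINE.search(line)
    if m is None:
        return None
    offered = [int(x) for x in m["offered"].split()]
    # rep/tkt/ses are present only when a ticket was issued.
    chosen = {k: int(m[k]) for k in ("rep", "tkt", "ses") if m[k] is not None}
    return {
        "request": m["req"], "status": m["status"], "addr": m["addr"],
        "client": m["client"], "service": m["service"],
        "offered": [name(e) for e in offered],
        "chosen": {k: name(v) for k, v in chosen.items()},
        "weak_offered": [name(e) for e in offered if e in WEAK],
        "weak_chosen": sorted(k for k, v in chosen.items() if v in WEAK),
    }

# Constructed sample: the two log lines above with wrapping undone and
# placeholder principal names (the originals are redacted on the page).
PREFIX = "Apr 01 13:16:33 laptop61a krb5kdc[6812](info): "
ETY = ("(7 etypes {23 -133 -128 3 1 24 -135}) 172.24.16.136: ISSUE: "
       "authtime 1301660193, etypes {rep=23 tkt=16 ses=23}, ")
SAMPLE = [
    PREFIX + "AS_REQ " + ETY + "user@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM",
    PREFIX + "TGS_REQ " + ETY + "user@EXAMPLE.COM for host/winxp.example.com@EXAMPLE.COM",
]

if __name__ == "__main__":
    for rec in map(parse, SAMPLE):
        print(rec["request"], rec["status"], rec["chosen"], rec["weak_offered"])
```

On the two lines from the log this reports status ISSUE for both the AS and the TGS exchange, with an arcfour-hmac reply and session key and a des3-cbc-sha1 ticket, and lists the single-DES and export-RC4 etypes the XP client offered.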
