On 2011-06-14 11:11, jm130794 wrote:
> Hello,
>
> I have a little question : is it possible create a cross-realm between AD
> (Windows Server 2008 R2) and MIT Kerberos ?
>
> I tried but...
>
> When I try to connect on Windows Server with my Kerberos MIT user, I get
> these errors in krb5kdc.log :
>
> Jun 14 09:22:29 srv1 krb5kdc[979](info): AS_REQ (7 etypes {18 17 23 3 1 24
> -135}) 192.168.2.2: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected],
> Additional pre-authentication required
> Jun 14 09:22:29 srv1 krb5kdc[979](info): AS_REQ (7 etypes {18 17 23 3 1 24
> -135}) 192.168.2.2: ISSUE: authtime 1308036149, etypes {rep=18 tkt=18
> ses=18}, [email protected] for krbtgt/[email protected]
> Jun 14 09:22:29 srv1 krb5kdc[979](info): TGS_REQ (7 etypes {18 17 23 3 1 24
> -135}) 192.168.2.2: ISSUE: authtime 1308036149, etypes {rep=18 tkt=18
> ses=18}, [email protected] for krbtgt/[email protected]
>
> Any ideas ?We use the Win 2008R2 AD as krb5 auth. Works fine so far. If you want to use MIT krb5 and a AD auith, both REALMs need to be different. MfG, Lars Schimmer -- ------------------------------------------------------------- TU Graz, Institut für ComputerGraphik & WissensVisualisierung Tel: +43 316 873-5405 E-Mail: [email protected] Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
