On 6/19/2011 8:55 PM, Mark Davies wrote:
> On Mon, 20 Jun 2011, Douglas E. Engert wrote:
>>> How does one check in AD? and change it if it is?
>>
>> Check the userAccountControl attribute of the cross realm TGT
>> look for USE_DES_KEY_ONLY = 2097152, i.e. 0x200000
>> http://support.microsoft.com/kb/305144
>
> But how do you find the cross realm TGT object in something that will
> let you look at userAccountControl? I don't have direct access to
> the AD so need to tell the admins there where to go and what to
> change.

OK, AD does not store the krbtgt as a principal, but this article on
setting up trust might help. Note the use of the enctype on ktpass,
and use the correct ktpass for 2003. It is for Heimdal, which can have
the same problem:

"Windows 2003RC2: maximum encryption type is RC4, relationship defaults to DES"
http://www.h5l.org/manual/HEAD/info/heimdal/Inter_002dRealm-keys-_0028trust_0029-between-Windows-and-a-Heimdal-KDC.html

>
>
> cheers
> mark
>
>

-- 
Douglas E. Engert <[email protected]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
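
The userAccountControl check discussed in this thread, as an added example that is not part of the original messages: it scans an LDIF-style export for entries with USE_DES_KEY_ONLY (0x200000) set and reports the value with that bit cleared. It assumes the AD admins can supply such an export; the DNs and values in the sample are constructed, and the flag table is a subset of the one in KB305144.

```python
# userAccountControl bit values as listed in Microsoft KB305144 (subset).
UAC_FLAGS = {
    0x000002: "ACCOUNTDISABLE",
    0x000200: "NORMAL_ACCOUNT",
    0x000800: "INTERDOMAIN_TRUST_ACCOUNT",
    0x010000: "DONT_EXPIRE_PASSWORD",
    0x200000: "USE_DES_KEY_ONLY",
    0x400000: "DONT_REQ_PREAUTH",
}
USE_DES_KEY_ONLY = 0x200000  # 2097152

# Constructed sample export (LDIF style); the DNs and values are made up.
SAMPLE_LDIF = """\
dn: CN=xrealm-trust,CN=Users,DC=example,DC=test
sAMAccountName: xrealm-trust
userAccountControl: 2163200

dn: CN=websvc,CN=Users,DC=example,DC=test
sAMAccountName: websvc
userAccountControl: 66048
"""

def parse_ldif(text):
    """Yield one {attribute: value} dict per blank-line-separated record."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep and not line.startswith(("#", " ")):  # skip comments, folds
                entry[name] = value
        if entry:
            yield entry

def decode_uac(value):
    """Return the names of known flags set in value, lowest bit first."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def des_only_accounts(text):
    """Return (dn, current UAC, UAC with USE_DES_KEY_ONLY cleared) per hit."""
    hits = []
    for entry in parse_ldif(text):
        uac = int(entry.get("userAccountControl", "0"), 0)
        if uac & USE_DES_KEY_ONLY:
            hits.append((entry.get("dn", "?"), uac, uac & ~USE_DES_KEY_ONLY))
    return hits

if __name__ == "__main__":
    for dn, uac, fixed in des_only_accounts(SAMPLE_LDIF):
        print(f"{dn}: {uac} ({', '.join(decode_uac(uac))}) -> set to {fixed}")
```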
