Hello Ross, With my first client, I added my computer in the Microsoft Domain. After that, I could log in with my account MIT. I never change anything in the registry.
Thanks, JM 2011/8/26 Wilper, Ross A <[email protected]> > One thing that you did not make clear is if you defined the MIT kerberos > realm in the registry of the Windows 7 machine. > (ksetup /AddKDC <realm> <kdc> or just go to > HKLM\System\CurrentControlSet\LSA\Kerberos\Domains and make a key named the > same as the realm and add a REG_MULTI_SZ value "KdcNames") > > -Ross > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of jm130794 > Sent: Friday, August 26, 2011 7:41 AM > To: Robert Wehn > Cc: [email protected] > Subject: Re: Cross realm between AD and MIT > > Hello, > > > I tried with another client and I have the same problem ! > > I can't open a session with user1 (MIT principal). > > JM > > > 2011/8/24 Robert Wehn <[email protected]> > > > Hi JM > > > > might be a dns error. > > The Client (user) has to guess the realm to the service and often uses > > dns (for example TXT records) or some registry entry (HostTorealm) to > > determine the KRB REALM for the service (in this case the local login). > > > > Try to wireshark what DNS request a win XP Machine does, when you try to > > login using Cross Realm Trust > > Do the same on the Windows 7 Machine. > > > > When testing Cross-Realm trust several months ago I had the impression > > MS changed something there, but i didn't really finish this. > > Actually it doesn't read out TXT Records which worked fine for WinXP. > > > > If you find out something, pleas tell me. > > > > Robert. > > > > Am 24.08.2011 14:06, schrieb jm130794: > > > I used wireshark to find why my connection fails. It seems that AD > > returns > > > the error KDC_ERR_WRONG_REALM. It's weird that I can connect to the > > server and > > > not on the client! > > > > > > Regards, > > > > > > > > > JM > > > > > > 2011/8/24 jm130794 <[email protected]> > > > > > >> Hello > > >> > > >> I installed a cross realm between my MIT and an AD. I can open a > session > > on > > >> my AD server with a principal defined in my MIT Kerberos (eg user1). > > >> > > >> I added a Windows Seven to my Microsoft Domain. I can open a session > on > > >> this station with the Domain Administrator Domain without problem. > > >> > > >> When I try to open a session with user1 (MIT principal), that doesn't > > >> work... > > >> > > >> Any idea ? > > >> > > >> Thanks, > > >> > > >> JM > > >> > > >> > > > ________________________________________________ > > > Kerberos mailing list [email protected] > > > https://mailman.mit.edu/mailman/listinfo/kerberos > > > > -- > > > > Dr. Robert Wehn ........................ http://www.rz.uni-augsburg.de > > Universität Augsburg, Rechenzentrum ............. Tel. (0821) 598-2047 > > 86135 Augsburg .................................. Fax. (0821) 598-2028 > > > > ________________________________________________ > > Kerberos mailing list [email protected] > > https://mailman.mit.edu/mailman/listinfo/kerberos > > > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
