Hi all
I have been trying to setup an Kerberos and Active Directory setup, Seeing the same issue you have mentioned in you post (Preauth and ticket forwarding). I am currently not able to login to a windows machine using a kerberos user. The Kerberos Server logs show a error [NEEDED_PREAUTH: <mailto:[email protected]> [email protected] for <mailto:krbtgt/[email protected]> krbtgt/[email protected], Additional pre-authentication required]. Error from the kerberos server: Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): AS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 10.20.221.180: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): AS_REQ (2 etypes {3 1}) 10.20.221.180: ISSUE: authtime 1315318814, etypes {rep=3 tkt=1 ses=1}, [email protected] for krbtgt/[email protected] Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 10.20.221.180: ISSUE: authtime 1315318814, etypes {rep=1 tkt=1 ses=1}, [email protected] for krbtgt/[email protected] Sep 06 15:20:14 lhr-qa12 krb5kdc[8654](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 10.20.221.180: ISSUE: authtime 1315318814, etypes {rep=1 tkt=16 ses=1}, [email protected] for <mailto:host/[email protected]> host/[email protected] Environment: - Kerberos Server(Ubuntu 10.10) - AD - Windows 2003 R2 Tried to do an Wireshark trace on the communication between the Windows AD and Kerberos Server, I found that the PA-ENC-TIMESTAMP - data missing, Could someone let me know if I am missing some configuration information. Regards, Ranjith. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
