Kerberos authentication
Sergey Lapin
slapinid at gmail.com
Wed Aug 17 17:12:49 GMT 2005
Hi, all!
There is simple Kerberos question.
We have w2k3 PDC here and want to setup one machine
(machine.domain.com) to interoperate with it.
Samba's net ads join works.
kinit works.
but telnet to machine.domain.com from the same machine fails with thw
following debug:
[ Trying mutual KERBEROS5 (host/machine.domain.com at DOMAIN.COM)... ]
Kerberos V5: mk_req failed (Message stream modified)
[ Trying KERBEROS5 (host/machine.domain.com at DOMAIN.COM)... ]
Kerberos V5: mk_req failed (Message stream modified)
-bash-2.05b$ klist
Credentials cache: FILE:/tmp/krb5cc_1002
Principal: lapin at UNIVERSE.DART.SPB
Issued Expires Principal
Aug 17 21:06:40 Aug 18 07:06:40 krbtgt/DOMAIN.COM at DOMAIN.COM
/etc/krb5.conf:
[libdefaults]
default_realm = DOMAIN.COM
default_keytab_name = FILE:/etc/krb5.keytab
dns_lookup_realm = false
dns_lookup_kdc = true
[domain_realm]
.domain.com = DOMAIN.COM
[realms]
DOMAIN.COM = {
kdc = tcp/dc.domain.com
kpasswd_server = dc.domain.com
admin_server = udp/dc.domain.com
}
More information about the freebsd-questions
mailing list