[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Interoperating with Win2K

To: Assar Westerlund <assar@sics.se>
Subject: Re: Interoperating with Win2K
From: Mark Davies <mark@MCS.VUW.AC.NZ>
Date: Mon, 24 Jul 2000 14:05:18 +1200
cc: heimdal-discuss@sics.se
In-Reply-To: Message from Assar Westerlund <assar@sics.se> of "24 Jul 2000 02:38:07 +0200." <5lbszo1hxs.fsf@assaris.sics.se>
Sender: owner-heimdal-discuss@sics.se

OK, making progress :-)

With the reverse mapping in the DNS sorted out things are now working in the 
previous setup with the w2k KDC.  So now I try cross realm with this setup:

Machine "a" in the w2k realm POC.VUW.AC.NZ (same machine as in my previous tests).
Machine "b" in a purely heimdal based realm MCS.VUW.AC.NZ
Cross-realm principles "krbtgt/MCS.VUW.AC.NZ@POC.VUW.AC.NZ" and 
"krbtgt/POC.VUW.AC.NZ@MCS.VUW.AC.NZ" set up in both realms KDC's.

telneting from "a" to "b" gives this error:

  Kerberos V5: mk_req failed (Decrypt integrity check failed)

telneting from "b" to "a" without adding the default_etypes entries to "b"s
krb5.conf gives this error:

  Kerberos V5: mk_req failed (KDC has no support for encryption type)

telneting from "b" to "a" with adding the default_etypes entries to "b"s
krb5.conf gives gives this error:

  Kerberos V5: mk_req failed (Message stream modified)

and do you really have to make that change to krb5.conf files for machines 
that aren't directly in a w2k managed realm?

So what still needs to be done?

cheers
mark

Follow-Ups:
- Re: Interoperating with Win2K
  - From: Assar Westerlund <assar@sics.se>

References:
- Re: Interoperating with Win2K
  - From: Assar Westerlund <assar@sics.se>

Prev by Date: Re: Interoperating with Win2K
Next by Date: Re: Interoperating with Win2K
Prev by thread: Re: Interoperating with Win2K
Next by thread: Re: Interoperating with Win2K
Index(es):
- Date
- Thread