[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Win2K interoperability again

  About a year ago I was experimenting with interoperating with Win2k, got 
things to work then left it.  Now I'm doing it again and I've struck a problem.

First the setup:
I have a NetBSD-current box set up pointing at a Win2K Domain Controller as 
its KDC.  It has a krb5.keytab file created on the Win2K box with "ktpass".

I can run kinit and get the initial tickets

unixtest: {4} klist
Credentials cache: FILE:/tmp/krb5cc_1000
        Principal: mcstest@STAFF.VUW.AC.NZ

  Issued           Expires          Principal
Dec  4 11:42:21  Dec  4 21:42:21  krbtgt/STAFF.VUW.AC.NZ@STAFF.VUW.AC.NZ
Dec  4 11:42:31  Dec  4 21:42:21  host/unixtest.staff.vuw.ac.nz@STAFF.VUW.AC.NZ

But if I try to telnet to the local machine I get a BAD_INTEGRITY error

unixtest: {5} telnet unixtest
Connected to unixtest.staff.vuw.ac.nz.
Escape character is '^]'.
[ Trying KERBEROS5 ... ]
[ Kerberos V5 refuses authentication because Read req failed: Decrypt integrity
check failed ]

Any suggestions on how I can track down whats broken?