Problems with Service Principal Unknown and Windows AD.

I am in an environment where I need to be able to authenticate users
against the Win2K Active Directory farm using Kerberos.

I am having trouble getting the Kerberos component
working and get tcpdump shows the linux host receiving a

Right now I have the following setup.

	Application -> saslauthd -> heimdal -> Windows Servers

My understanding of how to set this up is that I must get a service
ticket from Windows using the "ktpass.exe" application and copy this
to /etc/krb5.keytab file on the linux host.  Then I configure saslauthd
to use Heimdal kerberos for Authentication and run the testsaslauthd
program to test.

Are my assumptions about how to set this up correct?  I was unable to
find a definitive guide.

What should I be looking at to debug the principal unknown error
message.  I am fairly certain that I have a valid key from AD in

Here are some files that may be useful:

    [libdefaults]
        clockskew = 300
        default_etypes = des-cbc-crc
        default_etypes_des = des-cbc-crc
        default_realm = INTERNAL.EPO.ORG
        dns_lookup_realm = true
        dns_lookup_kdc = true

    [realms]
        INTERNAL.EPO.ORG = {
            default_domain = internal.epo.org
        }

    [domain_realm]
        .internal.epo.org = INTERNAL.EPO.ORG
        internal.epo.org = INTERNAL.EPO.ORG

    [logging]
        kdc = FILE:/var/log/kerb.log
        admin_server = FILE:/var/log/kerb.log
        default = FILE:/var/log/kerb.log

$ ktutil list

Vno  Type         Principal                                       
  3  des-cbc-md5  host/mnuf09l.internal.epo.org@INTERNAL.EPO.ORG  
  3  des-cbc-md5  host/mnuf09xxx.internal.epo.org@INTERNAL.EPO.ORG


Any suggestions much appreciated.


-- Simon Tennant ________________ http://imaginator.com/~simon/contact
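
Added example, not part of the original post: a check of the `ktutil list` output above against the principal a verifying service would look up in the keytab. It assumes that principal is host/<fqdn>@<default_realm>; the function names and finding labels are illustrative.

```python
import re

# `ktutil list` output and default_realm as posted above.
KTUTIL_OUTPUT = """\
Vno  Type         Principal
  3  des-cbc-md5  host/mnuf09l.internal.epo.org@INTERNAL.EPO.ORG
  3  des-cbc-md5  host/mnuf09xxx.internal.epo.org@INTERNAL.EPO.ORG
"""
KRB5_CONF = "default_realm = INTERNAL.EPO.ORG\n"

# Single-DES enctypes, deprecated for Kerberos by RFC 6649.
SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}


def parse_ktutil_list(text):
    """Return (vno, enctype, principal) tuples from Heimdal `ktutil list` output."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S+)\s+(\S+@\S+)\s*$", line)
        if m:  # the header and blank lines do not match
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def default_realm(conf_text):
    """Extract default_realm from krb5.conf text, or None if it is not set."""
    m = re.search(r"^\s*default_realm\s*=\s*(\S+)", conf_text, re.M)
    return m.group(1) if m else None


def check_keytab(entries, fqdn, realm, service="host"):
    """Compare keytab entries with the principal the verifier is assumed to use."""
    expected = f"{service}/{fqdn.lower()}@{realm}"  # assumption: service/fqdn@realm
    findings = []
    matches = [e for e in entries if e[2] == expected]
    if not matches:
        findings.append(f"MISSING {expected}")
    elif all(e[1] in SINGLE_DES for e in matches):
        findings.append(f"WEAK-ETYPE {expected} has only single-DES keys")
    for _, _, principal in entries:
        # Entries for another hostname cannot satisfy a lookup for this host.
        if principal != expected and principal.startswith(f"{service}/"):
            findings.append(f"OTHER-HOST {principal}")
    return findings


if __name__ == "__main__":
    entries = parse_ktutil_list(KTUTIL_OUTPUT)
    for finding in check_keytab(entries, "mnuf09l.internal.epo.org", default_realm(KRB5_CONF)):
        print(finding)
```

Pass the name the host actually resolves itself to (for example from `hostname -f`) as `fqdn`; a MISSING finding means the keytab holds no key for the principal that name produces.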