[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Windows 2003 SP1, cross-domain trust
On Thu, 29 Mar 2007 00:58:01 -0700 (PDT)
Chris Stromsoe <firstname.lastname@example.org> wrote:
> I'm trying to set up a cross-domain trust from a W2K3 SP1 AD domain
> controller to a heimdal 0.7.2 KDC ("pass-thru authentication").
> I can authenticate stand-alone workstations fine. kerbtray shows all
> of the proper tickets showing up.
> After setting up the trust on the DC, I get KDC_ERR_ETYPE_NOTSUPP on
> the DC when I try to authenticate with credentials from the heimdal
I disabled everything but the des keys on the cross realm principal:
Keytypes(salttype[(salt-value)]): des-cbc-md4(pw-salt), des-cbc-crc(pw-salt)
It's working for XP clients but not for w2k client; though I suspect
that the w2k clients can't handle pkinit.
Björn Sandell Chalmers University of Technology
IT Services www.chalmers.se/its +46 (0)31 772 1000
No one ever says, 'I can't read that ASCII E-mail you sent me.'