[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Mixing heimdal and MIT clients.

On Jan 15, 2008, at 1:46 AM, Måns Nilsson wrote:

> Do simpler things like the klist above work? Do the enctypes match;  
> can all
> involved use all enctypes? Do you have logs from the kdc? Can you see
> whether the client tries to talk to the kdc?

heimdal/klist works fine but I don't have the MIT klist installed on  
the client system.

I left enctypes as default for AD since I figured I'd muck with that  
*after* getting things working, so currently it's arcfour-hmac-md5.   
I wouldn't think MIT would have a problem with this.

I sniffed the network during smbclient invocation, and all I can see  
is SPNEGO.  This negotiation fails when smbclient gives up on finding  
a ticket in ccache, returning KRB5_NO_TKT_IN_RLM.  smbclient never  
attempts to fetch tickets from the KDC, so logs at that end are empty.

-- Tim