f



kerberos and Windows 2008R2 - kinit: Key table entry not found while getting initial credentials

Hello Kerberos List,

I'm trying to set a Kerberos ticket between a Unix and a Windows 2008 R2 se=
rver.
I've created a user on windows and used the ktpass to generate the Kerberos=
 keytab:
C:\Windows\System32\ktpass princ host/jc1lqaldap.testdomain.com@TESTDOMAIN.=
COM mapuser TESTDOMAIN\host_jc1lqaldap -crypto DES-CBC-MD5 -pass * -ptype K=
RB5_NT_PRINCIPAL out c:\nis_data\host_jc1lqaldap.keytab

I did make sure that "User Kerberos DES encryption types for this account" =
was checked.
First I was getting:
root@jc1lqaldap:/etc# kinit -V -k -t /etc/krb5.keytab -c /tmp/krb5cc_0 host=
/jc1lqaldap.testdomain.com
kinit: KDC has no support for encryption type while getting initial credent=
ials

So I've checked "Do not require Kerberos preauthentication" and I get:
root@jc1lqaldap:/etc# kinit -V -k -t /etc/krb5.keytab -c /tmp/krb5cc_0 host=
/jc1lqaldap.testdomain.com
kinit: Key table entry not found while getting initial credentials

Where should that key table entry be located ?
I cannot go forward with this. Is there a way to get more verbose logging s=
o I can troubleshoot this.















Klist
root@jc1lqaldap:/etc# klist -ke -t /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- ----------------------------------------------------=
----
  12 12/31/69 19:00:00 host/jc1lqaldap.testdomain.com@TESTDOMAIN.COM (DES c=
bc mode with RSA-MD5)





Cat /etc/krb5.conf
[logging]
default =3D FILE:/var/log/krb5libs.log
kdc =3D FILE:/var/log/krb5kdc.log
admin_server =3D FILE:/var/log/kadmind.log

[libdefaults]
default_realm =3D TESTDOMAIN.COM
dns_lookup_realm =3D false
dns_lookup_kdc =3D false

default_tkt_enctypes =3D arcfour-hmac-md5 des-cbc-crc des-cbc-md5
default_tgs_enctypes =3D arcfour-hmac-md5 des-cbc-crc des-cbc-md5

[realms]
TESTDOMAIN.COM =3D {
  kdc =3D server.testdomain.com:88
  admin_server =3D server.testdomain.com:749
  default_domain =3D testdomain.com
}

[domain_realm]
..testdomain.com =3D TESTDOMAIN.COM
testdomain.com =3D TESTDOMAIN.COM

[kdc]
profile =3D /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam =3D {
   debug =3D false
   ticket_lifetime =3D 36000
   renew_lifetime =3D 36000
   forwardable =3D true
   krb4_convert =3D false
   validate =3D true
}





DISCLAIMER:
This e-mail, and any attachments thereto, is intended only for use by the a=
ddressee(s)named herein and
may contain legally privileged and/or confidential information. If you are =
not the intended recipient of this
e-mail, you are hereby notified that any dissemination, distribution or cop=
ying of this e-mail and any attachments
thereto, is strictly prohibited. If you have received this in error, please=
 immediately notify me and permanently
delete the original and any printout thereof. E-mail transmission cannot be=
 guaranteed to be secure or error-free.
The sender therefore does not accept liability for any errors or omissions =
in the contents of this message which
arise as a result of e-mail transmission.
NOTICE REGARDING PRIVACY AND CONFIDENTIALITY
Knight Capital Group may, at its discretion, monitor and review the content=
 of all e-mail communications.

http://www.knight.com<http://www.knight.com/>


0
cgomes (1)
4/28/2011 9:08:55 PM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
1057 Views

Similar Articles

[PageSpeed] 42

Reply:

Similar Artilces:

kprop: Key table entry not found while getting initial ticket
I try to take good notes so that I can reproduce my problems and successes. This week is the first time I have ever touched kerberos. I am using Red Hat ES3 and the default rpms. The short of it: kdb5_util dump /var/kerberos/krb5kdc/dump kprop -f /var/kerberos/krb5kdc/dump mail.eamc.net kprop: Key table entry not found while getting initial ticket Now what? My guess is that I am not asking for the correct ticket for kpropd. A normal inetd.conf entry would be: krb5_prop stream tcp nowait root /usr/kerberos/sbin/kpropd kpropd My thinking is that the second kpropd is my principal. Howeve...

Problem with kerberos working correct due to 2 Domains gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, Key table entry not found)
Hi guys, I'm working about 3 days at this problem and I can't fix it and now I have no more ideas: Customers environment: Windowsdomain with DC where all Users are: contoso.local Sless11 for Webapplication is in a domain: contoso.lan (this is not a Windowsdomain - just the server is configured for this And thats the problem. I don't know - how to manage these two domains. URL to access to the Webapplication is: When I now try to access from a Windowsmachine wich is in the Domain contoso.local at URL http://sless11.contoso.lan/webapp there comes a 401 from the apach...

newbie: error getting credentials: Server not found in Kerberos database
Hi! I never found the time to deal intensively with kerberos so please indulge me if this is ought to be a stupid question: kinit works. krsh does not: krsh server error getting credentials: Server not found in Kerberos database trying normal rlogin (/usr/bin/rlogin) So, this is what I did so far: server: /etc/krb5.conf: [libdefaults] default_realm = LOCALDOMAIN [realms] LOCALDOMAIN = { kdc = server.localdomain:88 admin_server = server.localdomain:750 } [domain_realm] .localdomain = LOCALDOMAIN localdomain = LOCALDOMAIN [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log /etc/hosts: 127.0.0.1 localhost 192.168.0.2 server server.localdomain real hostname is actually *not* "server"! kadmin.local: addprinc foo client: /etc/krb5.conf [libdefaults] ticket_lifetime = 600 default_realm = LOCALDOMAIN default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc [realms] LOCALDOMAIN = { kdc = server.localdomain:88 admin_server = server.localdomain:750 } [domain_realm] .localdomain = LOCALDOMAIN localdomain = LOCALDOMAIN [kdc] profile = /etc/krb5kdc/kdc.conf [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FI...

aklog:Key table entry not found while getting AFS tickets
I an trying to automatically obtain the AFS tokens upon login on a Mac 10.2.6 system. I have successfully configured the kerberos v5 and the OpenAFS 1.2.10 clients. I can login with kerberos and successfully verify its ticket with the klist command. I can also execute klog, obtain an AFS token and sucessfully access my AFS space. However, if I login with kerberos and try to execute "aklog", I receive the following messages: aklog: Couldn't get asu.edu AFS tickets: aklog:Key table entry not found while getting AFS tickets Any ideas on how to resolve this problem? Thanks! Jame...

ssh from windows xp (putty with kerberos) using NetIDMgr 1.1.8.0 (Kerberos for windows 3.1)
Has anyone got a version of putty to work with the Kerberos for Windows release 3.1? I'm running win xp and am able to get my kerberos 5 tokens fine (from CSAIL.MIT.EDU) in NetIDMgr, but I've tried various supposedly kerberos-aware versions of putty with no luck. Thanks. -- Greg -- Greg Sullivan gregs@csail.mit.edu (617)417-4746 (cell) ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

Key table entry not found
Hello, I'm setting up a test KDC running on Solaris 9. The version I'm running is 5.1.3.1. I have successfully installed and setup my KDC server. I have tested it out on RH9 and everything is working there, as in being authenticated and such. I'm now trying to get kerberos authentication to work on another Solaris 9 box. But am running into problems. On the Solaris 9 box I have modified the pam.conf file to kerberos, copied the krb5.conf file from my kdc and ran kadmin as follows kadmin - admin/admin : ktadd host/machine_name.domain : quit When I t...

Windows Kerberos credentials cache
Hi all, one additional question to my previous post (Kfw & Oracle ccache compatibility): is there any way (tool) to identify credentials cache version?? Thank you very much in advance for any help! Best regards, Lubos -- -------------------------------------------------------------------------- Lubos Kejzlar Head of Laboratory for Computer Science Center for Information Technology Tel.: +420-377 632 710 University of West Bohemia +420-724 094 277 Univerzitni 8, 306 14 Pilsen Fax: +420-377 632 702 Czech Republic E-mail: kejzlar@civ.zcu.cz -------------------------------------------------------------------------- ...

key table entry not found #2
Hello , I have Virtual Network configured to use Kerberos authentication.The setup is as follows: Windows Server 2008 Standard SP2 (DC,DNS) (FQDN) labserver.lab.com; Debian Linux 5.0(lenny) (WebServer-Apache) (FQDN) debian.lab.com; Windows XP Prof. (client) (FQDN) zdravko.lab.com; They are in the DNS lookup zone.I create one test user account for accessing the client machine under given domain(lab.com).The user name is "achimtest1" and its password never expires,and it's not going to be prompted for changing.After that I create one "dummy" user which will be used for SPN(service principal name mapping to it).It's called "http-test" and the same flags are used as in "achimtest1" user + one more:"This account supports AES 256 bit encryption".I continued with creating the keytab file: c:\>ktpass /princ HTTP/debian.lab.com@LAB.COM /mapuser http-test@lab.com/pass Debian26 /crypto AES256-SHA1 /ptype KRB5_NT_SRV_HST /out http-test.keytab the keytab is successfully created and I have checked it with the following command:c:\>setspn -L http-test->I have the service principal name:HTTP/ debian.lab.com registered to it.I copy the "http-test.keytab" file via pscp to the Debian box in /etc/apache2/keytab/ directory.In /etc/hosts file in Debian I've deleted "127.0.0.1" line and replaced it with:"192.168.100.103 debian.lab.com debian";192.168.100.103 is the linux box's IP. In /etc/resolf...

Key table entry not found #3
Hi the list, I have two servers. One hosting a kerberos master and ldap master (server.lan) , one other hosting a kerberos slave and ldap replica (replica.lan). Kerberos is used by ldap for authentication SASL/GSSAPI. The kerberos realm is SERVER.LAN. All was running. But since some time, i get error messages with ldapsearch command. With the debug activated, i get the following message of ldapsearch: server:~ admin$ldapsearch -d 1 -b cn=mounts,dc=server,dc=lan .... res_errno: 80, res_error:<SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Key table entry not found)>, res_matched:<> .... (Remark : As information i provide the entire debug at the end of this message) Because of the message "keytable entry not found", i tried to use kadmin and check if principle with root exists. But by using kadmin i get now this message : server:~ admin$ kadmin -proot@SERVER.LAN Couldn't open log file /var/log/krb5kdc/kadmin.log: Permission denied Authenticating as principalroot@SERVER.LAN with password. Password forroot@SERVER.LAN: kadmin: Communication failure with server while initializing kadmin interface server:~ admin$ I check the logfile owner, group owner, and permission. Then i compared with one other kerberos server. Permission and owner was different. I set permission identically. But nothing was changed. With kadmin.local i checked androot@SERVER.LAN exists in the list. ...

Getting a Windows username from an SID with Kerberos
I am running Linux in a corporate windows environment. I need to convert user's Active Directory security identifiers (SIDs) to usernames, for example S-1-5-21-484763869-1275210071-682003330-34567 to mydomain\jbloggs. There are a few Windows tools that do this like SIDDecode and SidToName, but they don't work under wine. I've been reading about Kerberos and it seems it may be possible to achieve this. Does anyone here know how? -- -Toby Add the word afiduluminag to the subject to circumvent my email filters. On Thu, Oct 8, 2009 at 5:31 AM, Toby Newman <google@asktoby.com> wrote: > I am running Linux in a corporate windows environment. > > I need to convert user's Active Directory security identifiers (SIDs) > to usernames, for example S-1-5-21-484763869-1275210071-682003330-34567 > to mydomain\jbloggs. > > There are a few Windows tools that do this like SIDDecode and > SidToName, but they don't work under wine. > > I've been reading about Kerberos and it seems it may be > possible to achieve this. Does anyone here know how? Hi Toby, Kerberos has nothing to do with SIDs. SIDs are just the numeric id of an account in Windows. So this is off topic for this list but I'll give you some pointers: 1. Use rpcclient from the Samba package 2. Google for JCIFS, create a jcifs.smb.SID, use resolve() with suitable credentials and then toDisplayString(). Mike -- Michael B Allen Java Active Directory Integr...

replacing Heimdal with MIT Kerberos, and Kerberos key attributes in LDAP back-end
Hi all Since we are migrating from Debian to RedHat, we are considering replacing our Heimdal Kerberos server (with LDAP back-end) with an MIT Kerberos server (again with LDAP back-end) since RedHat packages are only available for MIT Kerberos. In order to make this migration/upgrade as transparent as possible for our users, we want to convert all the necessary info in the Heimdal back-end to the MIT back-end. Are there any pointers available for this kind of operation? E.g. things like conversion tables mapping the corresponding Kerberos-specific LDAP attributes? Or even scripts? I'm especially looking at the Kerberos key attributes, i.e. - Heimdal: krb5Key - MIT: krbPrincipalKey Is it possible to convert the former into the latter? Is there any code available for this operation? If not, we would have to require all our users to change their passwords at the same time, which is not very feasible. Thanks in advance Bart ...

Key table entry not found-this time with Heimdal
Hello, this is the same setup like in my previous post from this month,but this time I'm using heimdal-clients.I have removed all of the MIT packages that I have installed: krb5-user,krb5-clients. I have Virtual Network configured to use Kerberos authentication.The setup is as follows: Windows Server 2008 Standard SP2 (DC,DNS) (FQDN) labserver.lab.com; Debian Linux 5.0(lenny) (WebServer-Apache) (FQDN) debian.lab.com; Windows XP Prof. (client) (FQDN) zdravko.lab.com; [Windows Server 2008 Settings] They are in the DNS lookup zone.I create one test user account for accessing the client machine under given domain(lab.com).The user name is "zdravko1" and its password never expires,and it's not going to be prompted for changing.After that I create one "dummy" user which will be used for SPN(service principal name mapping to it).It's called "http" and the same flags are used as in "zdravko1": -User cannot change password; -Password never expires; -This account supports AES 256 bit encryption; I continued with creating the keytab file: c:\>ktpass /princ HTTP/debian.lab.com@LAB.COM <http://lab.com/> /mapuser http@LAB.COM /pass Debian26 /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /out http.keytab Keytab version: 0x502 keysize 78 HTTP/debian.lab.com@LAB.COM <http://lab.com/> ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x12 (AES256-SHA1) keylength 32 (0x......) The keytab is successfully created and I have checke...

gss-server: Key table entry not found
Hi, I cannot get gss-server worked. I have tried adding (using addprinc and ktadd) different combinations of name/host (klist -k confirms the successful addition) but still getting the same error: key table entry not found. Can you please tell me what entry it is looking for and how to resolve the problem? If you need any information about my system in order to help, kindly let me know. Thanks in advance. Regards, David. ...

Where are Kerberos configuration/credentials stored in a Windows ActiveDirectory environment?
I'm attempting to use Java's implementation of Kerberos in a Windows ActiveDirectory environment. I have discovered that it appears that Java and Windows each handle Kerberos configurations and credentials independently. For example, Java appears to store its credentials cache in c:\documents and settings\<username>\krb55cc_<username> So, the Java klist appears to draw from this file. However, the Microsoft Resource Kit klist appears to draw from somewhere else. Does anyone know where? I can't seem to find it in the registry or anything. Also, any locations of where...

Client not found in Kerberos database while initializing kadmin interface
I get this from typing 'kadmin' on the commandline of the KDC server itself. I have my own account on there which I can log into from gkadmin. Regards, Jason. -------------------------- Jason Oakley +612 82821434 Open and Intel Systems Systems Administrator http://www.eds.com Add a dab of lavender to milk Leave town with an orange and pretend you are laughing at it ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ...

RE: Where are Kerberos configuration/credentials stored in a Windows ActiveDirectory environment?
Windows stores credential data within the LSASS process, which you can query to some degree by calling LsaCallAuthenticationPackage (there should be documentation on this in the MSDN). Configuration data is stored in a variety of places depending on what you're after and not all of it is exposed to applications. What kind of data are you looking for? -Dave --- This message may originate from an unmonitored alias ("davespam") for spam-reduction purposes. Use "davidchr" for individual replies. This message is provided "AS IS" with no warranties, and conf...

Getting Kerberos ticket to extract user credentials in my site for login
Hi, I am new to Kerberos and just want to know that how can I get the user credentials from Kerberos service ticket in my application for login purpose. I want to implement Kerberos in such a way that my Active Directory user does not need to login to the my site and user just sends the request from browser and my site takes the Kerberos service ticket from the user in HTTP header and logs in the user automatically by getting the credentials from the Kerberos ticket and user accesses the site. Please do tell me that it can be done or not, if possible then how can I do it. Thanks in advance. ---- Regards Muhammad Usman, Bachelors of Information Technology, NUST School of Electrical Engineering and Computer Science. Mobile: +92-300-8391967 ...

Server not found in Kerberos database while getting a service url ticket
hello, I have added to my kerberos database the following principal: "http://localhost:8080/axis/services/test" . (It' s in a url format instead of being in the format: service/host@REALM.) So, the thing is that I would like to acquire a service ticket for that principal. To request a service ticket I am using gss api and follow the next steps: class KrbClient{ main(){ ..... //I have acquired the credentials from the ticket cache .... PrincipalName serviceName = new PrincipalName("http://localhost:8080/axis/services/test"); // create the tgs_req to ask for service tickets sun.security.krb5.KrbTgsReq tgs_req = new sun.security.krb5.KrbTgsReq(credentials, serviceName); tgs_req.send(); // get tgs_rep KrbTgsRep tgs_rep = tgs_req.getReply(); } } and it gets the folllowing error: KrbException: Server not found in Kerberos database (7) at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:67) at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:235) at KrbClient.requestServiceTicket(KrbClient.java:142) at KrbClient.main(KrbClient.java:39) Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.KDCRep.init(KDCRep.java:134) at sun.security.krb5.internal.TGSRep.init(TGSRep.java:59) at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:54) at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:50) ... 3 more >From the debugging of gss api: >>>KRBError: sTime is Mon ...

Kerberos for Windows
Hi, Does anyone know of a recent MIT Kerberos build for Wondows? Yes, I know there's something that passes for Kerberos under Windows by Microsoft, but for a wide variety of reasons I really need a consistent MIT Kerberos V on all machines in my environment regardless of OS. Jonathan ...

Kerberos on Windows
Hi there, I'm having major problems with Kerberos on Windows. I should mention that I'm a complete n00b when it comes to these things, and I'm really trying to spread my wings. I'm an I.T. tech at a high school in Australia. We use Windows 2003 (R2, SP2) domain controllers and XP workstations in a domain environment. There are also some Mac OS X 10.3/4/5 machines; also in play here are a few Linux servers - I've successfully set up our intranet site (PHP on Apache) to use Kerberos authentication, bound both linux servers to AD, and we're now working on squid authing via kerberos as well. The ultimate goal here is single-sign-on, with fallback to prompting the user to sign in if they don't have a ticket. Staff laptops aren't joined to the domain. On staff mac laptops, by just adding kinit user@DOMAIN to their "connect to network" script, users are able to connect to CIFS shares and printers on the AD2k3 servers with no problems, and Safari passes kerberos auth details to the intranet servers. This is a beautiful, incredibly simple solution, especially when compared to some of the previous AppleScript "solutions". On non-domain Windows XP laptops, that couldn't be further from the truth. Using MIT KfW's Network Identity Manager (or kinit), I'm able to request a ticket for the domain - no problems there. I can even do this for other users; I can even do this from workstations o...

kerberos under windows
Hi i'd like to know, is there any package like pykpass for windows? Or how to use this under windows. I need to authenticate users with kerberos under windows environment and have no idea how. Thanks for help. Kamil Malinka Kamil Malinka wrote: > Hi > > i'd like to know, is there any package like pykpass for windows? Or how to use this under windows. I need to authenticate > users with kerberos under windows environment and have no idea how. > Thanks for help. > > Kamil Malinka The Pywin32 package (http://sourceforge.net/projects/pywin32/) wraps the SSPI func...

"Key table entry not found while verifying ticket for server"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig07FDE7C699B5FF20AD258797 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Just added a new system tonight to our Kerberos realm, and was getting the following error when ksu'ing: "ksu: Key table entry not found while verifying ticket for server" Tried Googling for the error to no avail; what is the meaning of this error and how do I clear it? Best Wishes - Peter --=20 Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | "The bits must flow" --------------enig07FDE7C699B5FF20AD258797 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) iD8DBQFGtXWzPtVx9OgEjQgRAve6AJ97hWoo/FDyvCC27oHOamy1UiN6TQCfbcjm 8b550EYBPn8jKX8rHMDtmME= =znqF -----END PGP SIGNATURE----- --------------enig07FDE7C699B5FF20AD258797-- ...

ssh gssapi-with-mic and "Key table entry not found"
Hi, I'm trying to get ssh working using gssapi-with-mic authentication. I have about 40 machines running CentOS 5.7. (My bigger goal is to use NFSv4 mounts with "krb5p" security. All these machines mount the same NFSv4 share (think home directories) so my users need to be able to forward their TGT around.) What I'm ultimately running into is sshd complaining "Key table entry not found" on *most* of the servers---a random handful work, and I can't figure out how the working ones are different. So, here's an example: I'm trying to ssh from "lnxsvr3" to "lnxsvr11" using gssapi-with-mic authentication. Here's the output of trying to ssh: [matt@lnxsvr3 ~]$ ssh -v -o"PreferredAuthentications gssapi-with-mic" lnxsvr11 OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to lnxsvr11 [192.168.187.67] port 22. debug1: Connection established. debug1: identity file /mnt/home/matt/.ssh/identity type -1 debug1: identity file /mnt/home/matt/.ssh/id_rsa type 1 debug1: identity file /mnt/home/matt/.ssh/id_dsa type -1 debug1: loaded 3 keys debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3 debug1: match: OpenSSH_4.3 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version st...

Connecting to Exchange server: "Kerberos error: No credentials cache found"
I wonder if anyone has any ideas for figuring out what's causing the error message in the subject and how to get past it. Some details: 1. Connecting to an Exchange server, IMAP, ssl; my inbox-path looks like exchange.server/user=username/ssl/novalidate-cert 2. OS X 10.5 3. Same message occurs in PINE 4.64 and Alpine 2.00 4. I tried building Alpine with --no-krb5 and the message persists. I've used PINE for a long (long long) time and have a "when they pry it from my cold dead fingers" relationship with it. We just had a migration here from a groupwise server to this...

Win 2008R2 kdc and linux client: no support for encryption type while getting initial credentials
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! I want to setup a Windows 2008R2 server as a AD with a KDC to obtian krb5 tickets and later on obtain OpenAFS tokens with these tickets. Our setup: running Windows 2003 server with AD CGV.TUGRAZ.AT and running krb5 kdc on it. User, service principal afs for OpenAFS, works good so far. I added a second server with Windows 2008R2, added 2nd server to the AD domain and raised 2nd server as AD server. I set on the Win 2008R2: - - Add a REG_DWORD (32 bit) named KdcUseRequestedEtypesForTickets with value 1 at HKLM\SYSTEM\Curren...

Web resources about - kerberos and Windows 2008R2 - kinit: Key table entry not found while getting initial credentials - comp.protocols.kerberos

Resources last updated: 3/10/2016 9:33:31 PM