f



RE: kinit: KRB5 error code 52 while getting initial credentials

Thanks for the update Will.  I'll look into Solaris 10...> Date: Mon, 9 Jul=
 2007 15:43:48 -0500> From: William.Fiveash@sun.com> To: rfbass16@hotmail.c=
om> CC: kerberos@mit.edu> Subject: Re: kinit: KRB5 error code 52 while gett=
ing initial credentials> > On Wed, Jul 04, 2007 at 05:56:56PM +0000, Ron Ba=
ss II wrote:> > > > I'm getting the following error on a Solaris 8 machine:=
 kinit: KRB5> > error code 52 while getting initial credentials > > > > So =
far my analysis shows this error to indicate the following: 0x34 -> > KRB_E=
RR_RESPONSE_TOO_BIG - Too much data > > > > According to a number of forums=
, some inheriant limitations exist with> > the Solaris 8 version of Kerbero=
s concerning the number of group> > memberships a user may have. In my Acti=
ve Directory, each user is a> > member of possibly many groups. To confirm =
this, I created a simple> > user with only membership to "Domain Users" and=
 was able to run kinit> > without issue. Also, I seen a number of forums re=
porting that the> > native version of Kerberos in Solaris 8 does not suppor=
t TCP.> > Apparently by default, once the package size of a Kerberos ticket=
> > reaches a specified max, TCP should be used.> > Support for TCP in Sola=
ris Kerberos was introduced in Solaris 10.> > > I have the following Kerber=
os packages loaded: SUNWk5pk kernel> > Kerberos V5 plug-in w/auth+privacy (=
32-bit) SUNWk5pkx kernel> > Kerberos V5 plug-in w/auth+privacy (64-bit) SUN=
Wk5pu user> > Kerberos V5 gss mechanism w/auth+privacy (32-bit) SUNWk5pux u=
ser> > Kerberos V5 gss mechanism w/auth+privacy (64-bit) > > > > Are update=
d packages for Kerberos available for Solaris 8 environments> > that can ha=
ndle support for Kerberos over TCP and having a large> > number of group me=
mberships?> > There are no Solaris 8 packages to provide Kerberos over TCP =
at this> point. If you have a customer service agreement you can make a req=
uest> through your Sun service rep. for TCP/Kerberos support in Solaris 8.>=
 There is no guarantee that Sun will do this as there are costs to doing> t=
his and this support is available in Solaris 10. In fact Solaris 10> has a =
number of Kerberos improvements that make interop with a MS AD> easier.> > =
-- > Will Fiveash> Sun Microsystems Inc.> Austin, TX, USA (TZ=3DCST6CDT)
_________________________________________________________________
See what you=92re getting into=85before you go there.
http://newlivehotmail.com=
0
rfbass16 (4)
7/11/2007 1:10:19 AM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
628 Views

Similar Articles

[PageSpeed] 41

Reply:

Similar Artilces:

RE: kinit: KRB5 error code 52 while getting initial credentials #2
Any chance the Kerberos libs from Solaris 10 can port back to Solaris 8? So= me limitations have arisen such that an upgrade to Solaris 10 is not possi= ble yet. Is there any way to patch the Solaris 8 Kerberos??? =20 Thanks Ron > Date: Wed, 11 Jul 2007 11:42:49 -0500> From: William.Fiveash@sun.com> To:= rfbass16@hotmail.com> CC: William.Fiveash@sun.com; kerberos@mit.edu> Subje= ct: Re: kinit: KRB5 error code 52 while getting initial credentials> > On W= ed, Jul 11, 2007 at 01:10:19AM +0000, Ron Bass II wrote:> > > > Thanks for = the update Will. I'll look into Solaris 10...> > Note that there have been = a number of updates (some security related)> released for Solaris 10 so mak= e sure you get the latest bits.> > -- > Will Fiveash> Sun Microsystems Inc.= > Austin, TX, USA (TZ=3DCST6CDT) _________________________________________________________________ Local listings, incredible imagery, and driving directions - all in one pla= ce! Find it! http://maps.live.com/?wip=3D69&FORM=3DMGAC01= ...

error : kinit(v5) : KRB5 error code 52 while getting initial credentials
Hello all, i am Sunil C. i have a domain named xx.com which has a KDC. i also have a domain co.yy where my server is. there is no KDC in it. users are in xx.com domain. but my servers are in (co.yy) domain. i had set up a test scenario with a user and a server in domain (xx.com). since KDc was setup i got ticket and was able to authenticate well using kerberos. my issue is that all my production servers are in domain (co.yy) which doesnt have a KDC. i want to authenticate and use the server services in that domain. setting up KDC is not feasible in both domains for me. now i have done some configuration in krb5.conf file on my server (test.co.yy) [domain_realm] xx.com = XX.COM ..xx.com = XX.COM co.yy = XX.COM ..co.yy = XX.COM this shows that my domain co.yy which doesnnot have a KDC , i have mapped it to the realm XX.COM . now i have some issues. 1) i tried to get a keytab from the KDC of XX.COM ( my server in co.yy) > ktpass -princ HTTP/test.co.yy@XX.COM 2) i somehow managed to get a keytab . i copied into Apache folder and executed the command. kinit -t /usr/local/apache/test03keytab HTTP/test.co.yy@XX.COM password: xxxx error : kinit(v5) : KRB5 error code 52 while getting initial credentials Please help me understand what is this error.. is it some issue with domain mapping configuration in krb5.conf file? i am using kerberos 1.2.7 version. Thanks in advance Sunil C Sunil Chandrasekharan wrote: > Hello all, > i am Sunil C. i have a domain named...

kinit: KRB5 error code 52 while getting initial credentials
I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error c= ode 52 while getting initial credentials=20 =20 So far my analysis shows this error to indicate the following: 0x34 - KRB_E= RR_RESPONSE_TOO_BIG - Too much data=20 =20 According to a number of forums, some inheriant limitations exist with the = Solaris 8 version of Kerberos concerning the number of group memberships a = user may have. In my Active Directory, each user is a member of possibly m= any groups. To confirm this, I created a simple user with only membership = to "Domain Users" and was able to run kinit without issue. Also, I seen a number of forums reporting that the native version of Kerber= os in Solaris 8 does not support TCP. Apparently by default, once the pack= age size of a Kerberos ticket reaches a specified max, TCP should be used. =20 I have the following Kerberos packages loaded: SUNWk5pk kernel Kerbe= ros V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx kernel Kerberos V5 p= lug-in w/auth+privacy (64-bit) SUNWk5pu user Kerberos V5 gss mechani= sm w/auth+privacy (32-bit) SUNWk5pux user Kerberos V5 gss mechanism w= /auth+privacy (64-bit)=20 =20 Are updated packages for Kerberos available for Solaris 8 environments that= can handle support for Kerberos over TCP and having a large number of grou= p memberships? _________________________________________________________________ Local listings, incredible imagery, and driving directions - all in...

kinit: KRB5 error code 52 while getting initial credentials #2
I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error code 52 while getting initial credentials So far my analysis shows this error to indicate the following: 0x34 - KRB_ERR_RESPONSE_TOO_BIG - Too much data According to a number of forums, some inheriant limitations exist with the Solaris 8 version of Kerberos concerning the number of group memberships a user may have. In my Active Directory, each user is a member of possibly many groups. To confirm this, I created a simple user with only membership to "Domain Users" and was able to run kinit without issue. Also, I seen a number of forums reporting that the native version of Kerberos in Solaris 8 does not support TCP. Apparently by default, once the package size of a Kerberos ticket reaches a specified max, TCP should be used. I have the following Kerberos packages loaded: SUNWk5pk kernel Kerberos V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx kernel Kerberos V5 plug-in w/auth+privacy (64-bit) SUNWk5pu user Kerberos V5 gss mechanism w/auth+privacy (32-bit) SUNWk5pux user Kerberos V5 gss mechanism w/auth+privacy (64-bit) Are updated packages for Kerberos available for Solaris 8 environments that can handle support for Kerberos over TCP and having a large number of group memberships? _________________________________________________________________ Local listings, incredible imagery, and driving directions - all in one place! Find it! http://maps.live.com/...

KRB5 error code 52 while getting initial credentials
Hello all, i am Sunil C. i have a domain named xx.com which has a KDC. i also have a domain co.yy where my server is. there is no KDC in it. users are in xx.com domain. but my servers are in (co.yy) domain. i had set up a test scenario with a user and a server in domain (xx.com) since KDc was setup i got ticket and was able to authenticate well using kerberos. my issue is that all my production servers are in domain (co.yy) which doesnt have a KDC. i want to authenticate and use the server services in that domain. setting up KDC is not feasible in both domains for me. now i have done some configuration in krb5.conf file on my server (test.co.yy) [domain_realm] xx.com = XX.COM ..xx.com = XX.COM co.yy = XX.COM ..co.yy = XX.COM this shows that my domain co.yy which doesnnot have a KDC , i have mapped it to the realm XX.COM . now i have some issues. 1) i tried to get a keytab from the KDC of XX.COM ( my server in co.yy) > ktpass -princ HTTP/test.co.yy@XX.COM 2) i somehow managed to get a keytab . i copied into Apache folder and executed the command. kinit -t /usr/local/apache/test03keytab HTTP/test.co.yy@XX.COM password: xxxx error : kinit(v5) : KRB5 error code 52 while getting initial credentials Please help me understand what is this erro.. is it some issue with domain mapping configuration in krb5.conf file? i am using kerberos 1.2.7 version. Thanks Sunil C ---------------------------- In article <mailman.115.1197917539.11331.kerberos@mit.edu>,...

KRB5 error code 52 while getting initial credentials #2
Hello all, i am Sunil C. i have a domain named xx.com which has a KDC. i also have a domain co.yy where my server is. there is no KDC in it.=20 users are in xx.com domain. but my servers are in (co.yy) domain. i had set up a test scenario with a user and a server in domain (xx.com) since KDc was setup i got ticket and was able to authenticate well using kerberos. my issue is that all my production servers are in domain (co.yy) which doesnt have a KDC. i want to authenticate and use the server services in that domain. setting up KDC is not feasible in both domains for me. now i have done some configuration in krb5.conf file on my server (test.co.yy)=20 [domain_realm] xx.com =3D XX.COM ..xx.com =3D XX.COM co.yy =3D XX.COM ..co.yy =3D XX.COM this shows that my domain co.yy which doesnnot have a KDC , i have mapped i= t to the realm XX.COM . now i have some issues. 1) i tried to get a keytab from the KDC of XX.COM ( my server in co.yy) > ktpass -princ HTTP/test.co.yy@XX.COM 2) i somehow managed to get a keytab . i copied into Apache folder and executed the command. kinit -t /usr/local/apache/test03keytab HTTP/test.co.yy@XX.COM password: xxxx error : kinit(v5) : KRB5 error code 52 while getting initial credentials Please help me understand what is this erro.. is it some issue with domain mapping configuration in krb5.conf file? i am using kerberos 1.2.7 version= .. Thanks Sunil C ---------------------------- In article , sunilcnair wrote: > This is Su...

kinit(v5): KRB5 error code 68 while getting initial credentials
I have a huge Problem. Im trying to install a SSO for our Intranet-Webserver (Apache 2.0.55) on a SuSE Linux 10.0. Ist running very fine. But we have some Computers, which are NOT Part of the Active Directory Domain, so there the sso doesnt work. If the paste their Usernames into the Auth-Box (firstname.lastname@persona.de) it doesnt work. But the Useraccount exists in the AD. If they paste the real username (e.g. firstname.lastname@KONZERN.INTERN) it works fine. The problem: The user dont Know his real AD-Name. He knows just hier emailadress (firstname.lastname@persona.de) Anyone a solution? My krb5.conf "[libdefaults] default_realm = KONZERN.INTERN clockskew = 300 [realms] KONZERN.INTERN = { kdc = w2kroot.konzern.intern default_domain = konzern.intern admin_server = w2kroot } persona.de = { kdc = w2kroot.konzern.intern default_domain = konzern.intern admin_server = w2kroot } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log [domain_realm] .konzern.intern = KONZERN.INTERN [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 ...

Re: KRB5 error code 52
SEAM 1.01 doesn't support TCP, later version on Solaris 10 support TCP Hooshang > Kerberos experts, > > I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When others try > they fail the login with the "KRB5 error code 52" error. I read that this has > something to do with UDP packet size and to try TCP. Is there a way in SEAM to > have it use TCP rather then UDP, or to try UDP then TCP is that fails? I was > hoping there was a configuration parameter in krb5.conf. > > thanks, > Tyson Oswald > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos So what is the MaxTokenSize in SEAM, I just got a formula from MS on what they use for 2003. Also we don't have this issue in SEAM for Solaris 8 so what's different? thanks, Tyson Oswald h.dadgari@comcast.net wrote in message news:<100520041836.10730.4162E9A70001ACE5000029EA2200750784079D0E090B0E0BD208@comcast.net>... > SEAM 1.01 doesn't support TCP, later version on Solaris 10 support TCP > > Hooshang > > > > Kerberos experts, > > > > I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When others try > > they fail the login with the ...

RE: Kerberos error 52 (0x34) when using kinit
Hello Douglas, Thanx for the response. I'll get the latest version from MIT and try again. Regards, Bruce. -----Original Message----- From: Douglas E. Engert [mailto:deengert@anl.gov] Sent: Friday, December 10, 2004 8:57 AM To: Wells, Bruce Cc: kerberos@mit.edu Subject: Re: Kerberos error 52 (0x34) when using kinit Wells, Bruce wrote: > Hello All, > I'm getting the above error when I try to get the initial ticket using > kinit. The KDC is Windows 2003 and the client is running on linux. My > understanding of kerberos and the KDC in particular is that if the KDC > can't send the response back via UDP it will switch over to TCP. My > question is this: Does the client need to programmactically take an > action if it recieves this error or will this be taken care of "under > the hood"? Also the client side (linux), is there a way to force the > communication to occur using TCP? Depends on the release of the Kerberos. MIT 1.2.x did not support TCP, 1.3.x does. Its a recent addition to Java as well. Theylibs wil switch as needed. The krb5.conf [libdefaults] udp_preference_limit = nnn can be used to tell the client to use TCP if the message is over nnn bytes. Setting to 1 in effect says try TCP first. The problem is the ticket is large due to the PAC being included from AD. (IIRC) W2003 servers have a lower cut over size then W2000 servers. > > TIA, > Bruce E. Wells > > -----------------------------...

kerberos and Windows 2008R2
Hello Kerberos List, I'm trying to set a Kerberos ticket between a Unix and a Windows 2008 R2 se= rver. I've created a user on windows and used the ktpass to generate the Kerberos= keytab: C:\Windows\System32\ktpass princ host/jc1lqaldap.testdomain.com@TESTDOMAIN.= COM mapuser TESTDOMAIN\host_jc1lqaldap -crypto DES-CBC-MD5 -pass * -ptype K= RB5_NT_PRINCIPAL out c:\nis_data\host_jc1lqaldap.keytab I did make sure that "User Kerberos DES encryption types for this account" = was checked. First I was getting: root@jc1lqaldap:/etc# kinit -V -k -t /etc/krb5.keytab -c /tmp/krb5cc_0 host= /jc1lqaldap.testdomain.com kinit: KDC has no support for encryption type while getting initial credent= ials So I've checked "Do not require Kerberos preauthentication" and I get: root@jc1lqaldap:/etc# kinit -V -k -t /etc/krb5.keytab -c /tmp/krb5cc_0 host= /jc1lqaldap.testdomain.com kinit: Key table entry not found while getting initial credentials Where should that key table entry be located ? I cannot go forward with this. Is there a way to get more verbose logging s= o I can troubleshoot this. Klist root@jc1lqaldap:/etc# klist -ke -t /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ----------------- ----------------------------------------------------= ---- 12 12/31/69 19:00:00 host/jc1lqaldap.testdomain.com@TESTDOMAIN.COM (DES c= bc mode with RSA-MD5) Cat /etc/krb5.conf [logging] default =3D FILE...

Re: AIX 5.3: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
Christopher, I had the exact same problem. I was given 2 patches for KRB 1.4.1 and it fixed the problem. I applied the patches to my 1.4.2 source and the problem is resolved there too. Here are the patches: DNSGLUE.C Patch: *** ./src/lib/krb5/os/dnsglue.c.orig Fri Jan 14 17:10:53 2005 --- ./src/lib/krb5/os/dnsglue.c Thu May 5 11:39:52 2005 *************** *** 62,68 **** --- 62,76 ---- char *host, int nclass, int ntype) { #if HAVE_RES_NSEARCH + #ifndef LANL struct __res_state statbuf; + #else /* LANL */ + #ifndef _AIX + struct __res_state statbuf; + #else /* _AIX */ + struct { struct __res_state s; char pad[1024]; } statbuf; + #endif /* AIX */ + #endif /* LANL */ #endif struct krb5int_dns_state *ds; int len, ret; LOCATE_KDC.C Patch: >*** ./src/lib/krb5/os/locate_kdc.c.orig Thu May 5 08:06:45 2005 >--- ./src/lib/krb5/os/locate_kdc.c Thu May 5 11:34:27 2005 >*************** >*** 267,275 **** >--- 267,283 ---- > memset(&hint, 0, sizeof(hint)); > hint.ai_family = family; > hint.ai_socktype = socktype; >+ #ifndef LANL > #ifdef AI_NUMERICSERV > hint.ai_flags = AI_NUMERICSERV; > #endif >+ #else /* LANL */ >+ #ifndef _AIX >+ #ifdef AI_NUMERICSERV >+ hint.ai_flags = AI_NUMERICSERV; >+ #endif >+ #endif /* _AIX */ >+ #endif /* LANL */ > sprintf(portbuf, "%d", ntohs(port)); > sprintf(s...

permitted_enctypes = "des-cbc-crc" triggers 'kinit: Generic error (see e-text) while getting initial credentials'
I have this in my Suse 11.3 /etc/krb.conf for libdefaults: allow_weak_crypto = true # permitted_enctypes = "des-cbc-crc arcfour-hmac des3-cbc-sha1 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96" permitted_enctypes = "des-cbc-crc" Now if I try to kinit I get this error: kinit kinit: Generic error (see e-text) while getting initial credentials Why? Wendy ...

KRB5 error code 52
Kerberos experts, I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When others try they fail the login with the "KRB5 error code 52" error. I read that this has something to do with UDP packet size and to try TCP. Is there a way in SEAM to have it use TCP rather then UDP, or to try UDP then TCP is that fails? I was hoping there was a configuration parameter in krb5.conf. thanks, Tyson Oswald ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Tyson, I assume you use a Windows kdc and experience the pac field problem. There is now a patch for w2k and w2k3 to stop the creation of the pac field, which might help. Regards Markus "Tyson Oswald" <oswaldt@ameritech.net> wrote in message news:20041005182618.82769.qmail@web81508.mail.yahoo.com... > Kerberos experts, > > I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When > others try they fail the login with the "KRB5 error code 52" error. I > read that this has something to do with UDP packet size and to try TCP. > Is there a way in SEAM to have it use TCP rather then UDP, or to try UDP > then TCP is that fails? I was hoping there was a configuration parameter > in krb5.conf. > > thanks, > Tyson Oswald > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https...

Re: I have problems getting readings from an Agilent 34401 using the LabView drivers from the IDN. I get VISA timeouts, error code is -1073807339.
I have also today seen the same error messages while trying to use the example code for the 34401A...... Anyone since found a solution? it does appear to be a timing issue. &nbsp; Thanks! Adam It was with the standard 34401 Plug and Play drivers I was seeing the problem. Running the examples within the driver was giving me a 410 error on the voltmeter. When I&nbsp;created a simple routine myself I also saw the same error. &nbsp; I have since downloaded the Project style 34401 drivers and all works well..... I am not quite sure where these differ and the reasoning behind the two st...

Re: Should be getting a constraint error in this code
Additionally to everything you've been told before consider RM 4.5(10). This paragraph allows a compiler to return the mathematically correct result for intermediate values even if it is out of range; only the final result must of course be in range. Thus the sum 216 may be held in a register (which can have a larger base range). I get the correct result 72 for your program unchanged compiled with and without -gnato; and also with and without pragma Unsuppress. ________________________________________________________________ Verschicken Sie romantische, coole und witzige Bilder per SMS! ...

Re: Macro coding:Getting error
I don't think that WHERE as statement is allowed in IMPORT. If it was, a statemet has no "=", so only .... where &con; .... would be possible, but I don't think that it is at all. So the only way might be the dataset option out=dataset( where=...) (not on the input, cause that isn't a SAS-dataset) Gerhard On Fri, 10 Jul 2009 04:33:50 -0700, BlackJacks <hentieduplessis@GMAIL.COM> wrote: >On Jul 10, 8:56 am, naga <nagabioc...@gmail.com> wrote: >> hi all >> pls find mistake >> we cant use where condition in proc import ???...

RE: Looking up Kerberos error codes
If you don't already have a mechanism for this, ERR.EXE is a great (Windows) tool for looking up error codes, including a good number of Kerberos errors: http://www.microsoft.com/downloads/details.aspx?FamilyId=BE596899-7BB8-4 208-B7FC-09E02A13696C&displaylang=en. > err /kerberr.h 13 # kerberr.h selected. # for decimal 13 / hex 0xd : KDC_ERR_BADOPTION kerberr.h # for hex 0x13 / decimal 19 : KDC_ERR_SERVICE_REVOKED kerberr.h # 2 matches found for "13" The constant names are probably different from mitkrb5, but they're usually similar enough to get the idea. I realize you may/may not have a Windows machine available for this purpose, but just in case. FYI. -Dave --- This message is provided "AS IS" with no warranties, and confers no rights. This message may originate from an unmonitored alias ("davespam") for spam-reduction purposes. Use "davidchr" for individual replies. Any opinions or policies stated within are my own and do not necessarily constitute those of my employer. This message originates in the State of Washington (USA), where unsolicited commercial email is legally actionable (see http://www.wa-state-resident.com). Harvesting of this address for purposes of bulk email (including "spam") is prohibited unless by my expressed prior request. I retaliate viciously against spammers and spam sites. > -----Original Message----- > From: kerberos-bounces@MIT.EDU > [mailto:kerberos-bo...

RE: kerberos error code 0x34
According to the MS Error Lookup tool, this is RESPONSE_TOO_BIG. See http://www.microsoft.com/downloads/details.aspx?FamilyId=BE596899-7BB8-4 208-B7FC-09E02A13696C&displaylang=en if you happen to be interested in this nifty but little-known gadget. Win2k and WS03 KDCs return this error when the kerberos response can't fit in a UDP packet, so it expects the client to retry with TCP. IIRC, recent versions of mitkrb5 support kerberos over TCP (I don't know what version exactly-- MIT guys?), so upgrading the non-Windows portion of your kerberos installation should get around this. --- This message is provided "AS IS" with no warranties, and confers no rights. This message may originate from an unmonitored alias ("davespam") for spam-reduction purposes. Use "davidchr" for individual replies. Any opinions or policies stated within are my own and do not necessarily constitute those of my employer. This message originates in the State of Washington (USA), where unsolicited commercial email is legally actionable (see http://www.wa-state-resident.com). Harvesting of this address for purposes of bulk email (including "spam") is prohibited unless by my expressed prior request. I retaliate viciously against spammers and spam sites. > -----Original Message----- > From: kerberos-bounces@mit.edu > [mailto:kerberos-bounces@mit.edu] On Behalf Of AD GOES > Sent: Wednesday, March 03, 2004 2:05 PM > To: kerberos@mit.e...

kinit: Preauthentication failed while getting initial credentials
Hola, estoy intentando conectarme desde Ubuntu (Kerberos) a un drectorio activo (Windows 2008) , pero tengo problemas. Datos Tecnicos: Dominio: NAME1.NAME2.COM Mi krb5.conf default =3D FILE:/var/log/krb5lib.log [libdefaults] ticket_lifetime =3D 24000 default_realm =3D NAME1.NAME2.COM [realms] NAME1.NAME2.COM =3D { kdc =3D dcwindows admin_server =3D dcwindows default_domain =3D NAME1.NAME2.COM } [domain_realm] ..name1.name2.com =3D NAME1.NAME2.COM name1.name2.com =3D NAME1.NAME2.COM Cuando intento hacer: kinit -V Administrador@NAME1.NAME2.COM e ingreso la contrase=F1a correctamente me arroja: kinit: Preauthentication failed while getting initial credentials Todo el problema inicio cuando reinstale el Windows 2008 Nuevamente desde otro CD, no se si el problema es el Windows o la configuracion del Kerberos. Saludos. 2011/5/19 JODACAME <jodacame@gmail.com>: > Cuando intento hacer: > kinit -V Administrador@NAME1.NAME2.COM > e ingreso la contraseña correctamente me arroja: > > kinit: Preauthentication failed while getting initial credentials > > > Todo el problema inicio cuando reinstale el Windows 2008 Nuevamente > desde otro CD, no se si el problema es el Windows o la configuracion > del Kerberos. Acaso re-instalaste y _re-creaste_ el dominio de Active Directory? Podés re-instalar, pero tenés que recuperar los datos del dominio de tus backups. Nico -- Hello. Are you sure that the admin user isn't called administ...

Kerberos error 52 (0x34) when using kinit
Hello All, I'm getting the above error when I try to get the initial ticket using kinit. The KDC is Windows 2003 and the client is running on linux. My understanding of kerberos and the KDC in particular is that if the KDC can't send the response back via UDP it will switch over to TCP. My question is this: Does the client need to programmactically take an action if it recieves this error or will this be taken care of "under the hood"? Also the client side (linux), is there a way to force the communication to occur using TCP? TIA, Bruce E. Wells ------------------------------------------------------------------------ ------------------------- ------------------------- CONFIDENTIALITY AND SECURITY NOTICE This e-mail contains information that may be confidential and proprietary. It is to be read and used solely by the intended recipient(s). Citadel and its affiliates retain all proprietary rights they may have in the information. If you are not an intended recipient, please notify us immediately either by reply e-mail or by telephone at 312-395-2100 and delete this e-mail (including any attachments hereto) immediately without reading, disseminating, distributing or copying. We cannot give any assurances that this e-mail and any attachments are free of viruses and other harmful code. Citadel reserves the right to monitor, intercept and block all communications involving its computer systems. _______________________________________...

Kerberos error: Unknown code krb5 195
Hello group! I am new to this group and topic. I have been using pine as my primary email client for long, and never noticed the role of kerberos in the play. Until recently, on a newly installed Redhat EL5 server, when I open pine configured to connect to our Exchange 2007 server, I got: Kerberos error: Unknown code krb5 195 (try running kinit) for some.emailserver.edu I then did kinit >kinit >kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials What does this tell me and how do I shoot this problem? Thanks, Jindan Jindan Zhou <jindan@gmail.com> writes: > I then did kinit >>kinit >>kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials > What does this tell me and how do I shoot this problem? Usually it means you either don't have an /etc/krb5.conf file or it's incorrect or doesn't include your realm information. It can mean various other things too (DNS problems, for instance), but krb5.conf is the first place to look. -- Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/> On Nov 5, 4:44 am, Russ Allbery <r...@stanford.edu> wrote: > Jindan Zhou <jin...@gmail.com> writes: > > I then did kinit > >>kinit > >>kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials > > What does this tell me and how do I sho...

RE: wxODBC: getting error code from database
Not knowing which database you are running against, so not knowing what SQLState "00000" is equivalent to for certain, I can only guess. My guess is that likely multiple statuses occurred, and you are seeing just the last status with this. See wxDb::DispAllErrors() to see how to check for all of the SQL errors that occurred. g > -----Original Message----- > From: Alexander Keusch [mailto:A.Keusch@gmx.at] > Sent: Wednesday, September 10, 2003 10:49 AM > To: wx-users@lists.wxwindows.org > Subject: wxODBC: getting error code from database > > ...

Re: Re: RE: Prob: failed to verify krb5 credentials: Server not
Okay... I used "tcpdump -s 65535 -w out.dump" to generate a dump of the network traffic and loaded it into Wireshark with the kerberos filter on... I get the following: The ticket: Client Realm: SRV.TEST.LAN Client Name (Principal): SlainDevil Tkt-vno: 5 Realm: SRV.TEST.LAN Server Name (Unknown): krbtgt/SRV.TEST.LAN Encryption type: rc4-hmac (23) Encryption type: des-cbc-md5 (3) And then the error message: error_code: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN (7) Realm: SRV.TEST.LAN Server Name (Service and Host): HTTP/wiki I guess the last point is the mistake, isnt it? It should be HTTP/wiki.test.lan? Anyone got a clue how to fix that? Currently I got no idea why this happens... :( -------- Kabel E-Mail Reply --------------- From: paul.moore@centrify.com To : slaindevil@kabelmail.de;deengert@anl.gov Date: 04.02.2009 01:35:12 <html> <text>So does that user have the correct spn. Adsiedit will tell you</text> <br /> <br /> <text>----- Original Message -----</text> <br /> <text>From:</text> <a href="/sites/mybox/forms/newmail.asp?sendto= slaindevil@kabelmail.de "> <text>slaindevil@kabelmail.de</text> </a> <slaindevil@kabelmail.de /> <br /> <text>To: Paul Moore;</text> <a href="/sites/mybox/forms/newmail.asp?sendto= deengert@anl.gov "> <text>deengert@anl.gov</text>...

RE: newbie: error getting credentials: Server not found in Kerberosdatabase
this error means a missing principal, try to open the /var/log/krb5kdc.log and check which principal is missing, simply add it and it will work. thanks ________________________________ From: kerberos-bounces@mit.edu on behalf of Timo Nentwig Sent: Mon 12/26/2005 3:41 PM To: kerberos@mit.edu Subject: newbie: error getting credentials: Server not found in Kerberosdatabase Hi! I never found the time to deal intensively with kerberos so please indulge me if this is ought to be a stupid question: kinit works. krsh does not: krsh server error getting credentials: Server not found in Kerberos database trying normal rlogin (/usr/bin/rlogin) So, this is what I did so far: server: /etc/krb5.conf: [libdefaults] default_realm = LOCALDOMAIN [realms] LOCALDOMAIN = { kdc = server.localdomain:88 admin_server = server.localdomain:750 } [domain_realm] .localdomain = LOCALDOMAIN localdomain = LOCALDOMAIN [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log /etc/hosts: 127.0.0.1 localhost 192.168.0.2 server server.localdomain real hostname is actually *not* "server"! kadmin.local: addprinc foo client: /etc/krb5.conf [libdefaults] ticket_lifetime = 600 default_realm = LOCALDOMAIN default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-cr...

Web resources about - RE: kinit: KRB5 error code 52 while getting initial credentials - comp.protocols.kerberos

Credential Recordings - Wikipedia, the free encyclopedia
Credential Recordings is a Nashville-based record label , focusing generally on the pop rock genre. It began branching out when it agreed on ...

GraphicMail, Janrain Engage Enable Email Newsletter Signup Via Facebook Credentials
... Janrain Engage to its clients’ customizable newsletter signup forms, allowing them to sign in with their Facebook account information, or credentials ...

Discussion of credentials of Maajid Nawaz - Quilliam - YouTube
Glenn Beck discusses the background of Quilliam Chairman Maajid Nawaz on Fox News - The Daily Beck.

Christos Kyrgios has ATP credentials revoked, forced to buy ticket to watch his brother Nick Kyrgios ...
Christos Kyrgios has had his ATP credentials revoked, denied entry to watch his brother Nick in his first round match at the Cincinnati Masters ...

John I Dent Cup: Wests show premiership credentials with entertaining 40-31 win against Royals
Wests showed they can't be discounted as a John I Dent Cup premiership threat on Saturday.

Facebook attacked with credential-harvesting malware - MediaFire, applications, Data Protection - Social ...
Dorkbot variant infection unusual because the criminals exploited a flaw in the file-sharing site MediaFire to spread the malware

Boland pushes Test credentials with five-for
SCOTT Boland rammed home his Test credentials with a five-wicket haul as Victoria put the markers down for a run away Sheffield Shield lead against ...

Obama mocks Romney military credentials
Sky News is Australia's leader in 24-hour news. Barack Obama has aimed to belittle rival Mitt Romney's commander-in-chief credentials, accusing ...

Newly discovered Mac malware tarnishes Apple's security credentials
Apple prides itself on producing more secure gadgets than rivals, but these latest bugs may have iFans worried.

Top AFL draft prospect Christian Petracca proves his midfield credentials
You might already know Christian Petracca. If you like football, like coffee and like to grab one inside the MCG then there's a very good chance ...

Resources last updated: 3/10/2016 2:05:57 PM