RE: Problems trying to authenticate Unix users via Active Directory

From: drwachd@xxxxxxxxxx ("Wachdorf, Daniel R")
Date: Thu, 25 Aug 2005 14:56:01 -0600

See

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/O
perations/3872f0d7-e4b3-49ed-9a4b-1fefbf0d4547.mspx

http://support.microsoft.com/?kbid=832572

-----Original Message-----
From: kerberos-bounces@xxxxxxx [mailto:kerberos-bounces@xxxxxxx] On
Behalf Of Bill Smith
Sent: Thursday, August 25, 2005 8:35 AM
To: kerberos@xxxxxxx
Subject: Problems trying to authenticate Unix users via Active Directory

We have a Solaris 9 box configured to authenticate users via AD.
Everything
used to work fine but recently, AD authentication has failed for some
users
but still works for others. As part of the troubleshooting process,
tried
running the kinit command for a user having problems and get the
following
error

kinit: KRB5 error code 52 while getting initial credentials

>>From what I've found, it seems to be an issue with the user being in
too
many AD groups, the Windows KDC wanting to use TCP rather than UDP, and
the
MIT version not supporting it. What I'm not certain on is whether is
the
version shipped with Solaris 9 is MIT-based or something proprietary to
Solaris. I've found some mention of setting a registry key on the
Windows
Domain controllers but have not been able to find anything specific. I
also
believe this issue cropped up after we began upgrading some of the
domain
controllers to Windows 2003.

At this point, we're still having the problem with no resolution. Has
anyone else encountered this issue? If so, is there a patch from SUN to

address it or did you have to do something else? Would appreciate any
insight into this problem

Thanks,

Bill

________________________________________________
Kerberos mailing list Kerberos@xxxxxxx
https://mailman.mit.edu/mailman/listinfo/kerberos

________________________________________________
Kerberos mailing list Kerberos@xxxxxxx
https://mailman.mit.edu/mailman/listinfo/kerberos

.

Prev by Date: Re: RC4-HMAC-MD5 with Apache2/mod_auth_kerb and ActiveDirectory -Problem
Next by Date: Re: Network address resolution problem on AIX
Previous by thread: Re: Problems trying to authenticate Unix users via Active Directory
Next by thread: RE: Problems trying to authenticate Unix users via Active Directory
Index(es):
- Date
- Thread

Relevant Pages

Re: Samba to access Windows
... > Currently my windows can access solaris 9. ... Windows box, within the confines of being able to authenticate on it, etc. ...
(comp.unix.solaris)
Kerberos and Solaris 9 problems
... Win 2000 ADS server with mixed results and was looking for some ... I can not authenticate with PAM to save my life (with any remote ... Telnet fails with the same error. ... Is this an issue with Solaris 9's built in kerb support (I am not ...
(comp.protocols.kerberos)
Intigrating Solaris with Active directory
... I am currently looking to intigrate a bunch of Solaris ... thinking is to use Kerberos to authenticate ...
(SunManagers)
Re: Fedora Core 5 LDAP client authentication problem with Solaris 9 iPlanet LDAP Server
... ay0my wrote: ... user can authenticate with a Solaris 9 iPlanet LDAP server. ...
(Fedora)
Re: LDAP + SSL on Solaris
... >> I used the sun ldap stuff to authenticate to eDir both from ... >SUN Native LDAP Client does work against OpenLDAP Server, for months, ... the solaris part has been a REAL pain. ...
(comp.unix.solaris)