Active Directory and Kerberos authentication - Help?! (fwd)

Craig White craigwhite at azapple.com
Wed Feb 15 17:41:49 MST 2006


It had to be DNS that was your issue. That or clocks... Kerberos is very
time sensitive, and if the clocks are too far out of sync... it will never
work.

I would check the authentication logs on the Windows server as that
might give clues to the problems - I don't have much experience with AD
driven domains.

Craig

On Wed, 2006-02-15 at 17:14 -0700, Bryan.ONeal at asu.edu wrote:
> My boxes are sitting on an isolated network (192.168.2.x); they talk to each
> other through a cheap Belkin router.  The Windows server is the DNS server,
> but your assumption is correct. cornerstone.local is unreachable.  I find this
> odd as the YaST DNS and Host Name app lists the Win server as the only
> DNS.  The Linux box can see the rest of the world just fine, and the Windows
> box does contain explicit lookups for itself.
> 
> But I just wrote it into the host file and moved on...  Weird nonetheless,
> though
> 
> However, I now get the response of Password Incorrect.  Any other thoughts?
> 
> 
> On Wed, 15 Feb 2006, Craig White wrote:
> 
> > On Wed, 2006-02-15 at 13:33 -0700, Bryan.ONeal at asu.edu wrote:
> > > Ok, so I purchased a new server with SuSE EL9 and I am trying to get it to act
> > > as a samba server in my AD.  And while I can get it to join the domain just
> > > fine and serve up shares with no problem, I still need to get the whole SSI
> > > thing to work (Single Sign In)
> > > 
> > > First thing I need to do is get my Kerberos to work.  I can tell it is not
> > > because when I try 
> > > # kinit user@domain.local
> > > I get
> > > kinit: krb5_get_init_creds: unable to reach any KDC in realm cornerstone.local
> > > 
> > > In the Kerberos client set up (using YaST) my domain is CORNERSTONE and my
> > > realm is CORNERSTONE.LOCAL and the KDC server address is the IP of the Win2003
> > > SB Server.
> > > 
> > > And that just about puts me at the edge of my krb experience since prior to
> > > this it has always "Just Worked".  But then again I never tried putting a
> > > windows box in the krb mix.
> > > 
> > > Any thoughts?
> > > 
> > > And getting rid of windows is not a viable option ;)
> > ----
> > It's always a viable option, it may not be an option because someone has
> > ruled it out.
> > 
> > Are you using the same DNS servers that the rest of the network is
> > using? I don't think you will be able to get cornerstone.local to
> > resolve, can you?
> > 
> > # host cornerstone.local
> > # host cornerstone.com
> > # host kerberos.cornerstone.com
> > 
> > do any of these resolve?
> > 
> > I presume that you are also using...
> > 
> > kinit user@CORNERSTONE.LOCAL
> > or
> > kinit user@CORNERSTONE.COM
> > 
> > or whatever is currently defined by your local DNS
> > 
> > Craig
> > 
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change  you mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> > 

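The checks raised in this thread (can DNS locate a KDC for the realm, do the clocks agree, and how is the realm spelled in the principal), gathered into one shell preflight as an added example; it is not code from either poster. The 300-second tolerance is the common Kerberos default and an assumption about this site, the `dc1` host name and the timestamps are constructed, and the SRV answer is read from stdin in the format printed by `host -t SRV`.

```shell
#!/bin/sh
# Added example, not from the thread. Pure helpers: no network access needed.
MAX_SKEW=300   # assumption: the common default tolerance of 5 minutes

# Realm part of a principal (text after the last '@'); fails if there is none.
realm_of() {
    case "$1" in *@?*) printf '%s\n' "${1##*@}" ;; *) return 1 ;; esac
}

# Realm names are case-sensitive; AD realms are written in upper case.
realm_is_upper() {
    [ -n "$1" ] && [ "$1" = "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" ]
}

# SRV owner name used to locate a KDC for a realm through DNS.
srv_name() {
    printf '_kerberos._tcp.%s\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Reads `host -t SRV <name>` output on stdin, prints one target:port per record.
kdcs_from_host_output() {
    awk '/ has SRV record / { t = $NF; sub(/\.$/, "", t); print t ":" $(NF-1) }'
}

# Absolute difference between two epoch timestamps, in seconds.
skew_seconds() {
    d=$(( $1 - $2 ))
    if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
    printf '%s\n' "$d"
}

# preflight PRINCIPAL LOCAL_EPOCH KDC_EPOCH < srv-output; returns number of failed checks.
preflight() {
    fails=0
    realm=$(realm_of "$1") || { echo "FAIL no realm in '$1'"; return 1; }
    if realm_is_upper "$realm"; then echo "OK   realm $realm"
    else echo "FAIL realm '$realm' is not upper case"; fails=$((fails + 1)); fi
    kdcs=$(kdcs_from_host_output)
    if [ -n "$kdcs" ]; then echo "OK   KDC from DNS:" $kdcs
    else echo "FAIL no SRV record at $(srv_name "$realm")"; fails=$((fails + 1)); fi
    skew=$(skew_seconds "$2" "$3")
    if [ "$skew" -le "$MAX_SKEW" ]; then echo "OK   clock skew ${skew}s"
    else echo "FAIL clock skew ${skew}s exceeds ${MAX_SKEW}s"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample: one SRV answer for a hypothetical host dc1, clocks 42 s apart.
SAMPLE='_kerberos._tcp.cornerstone.local has SRV record 0 100 88 dc1.cornerstone.local.'
printf '%s\n' "$SAMPLE" | preflight 'user@CORNERSTONE.LOCAL' 1140050000 1140050042
```

On a live client, feed `preflight` the output of `host -t SRV` for the name that `srv_name` prints, together with the local and KDC clock readings in epoch seconds. An empty SRV answer reproduces the "unable to reach any KDC" situation from the first message.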