It gives me the standard "Sorry...." However it did have something use full in the knowledge base regarding non admins trying to loginto the server council. I changed the test user to be an admin, and now I get a successful request. But still get the password incorrect error on the Linux side. >From what I can tell from the Windows side, the login is requested, a successful login is granted, special permissions are set, the they log off. This all happens over the course of a few seconds however the Linux box barks the rejection rite away. On Wed, 15 Feb 2006, Craig White wrote: > That pretty much settles the time issue for now... > > try another user/password combo just in case... > > You can click the link to get more information about that error which > sends the error code through to get you any specific information that > Microsoft has in it's error database. > > Craig > > On Wed, 2006-02-15 at 18:05 -0700, Bryan.ONeal@asu.edu wrote: > > Windows server gives Event ID 537 > > Logon Failure > > Reason: An error occurred during logon > > User Name: > > Doamin: > > Logon Type: 3 > > Logon Process: Authz > > Authentication Package: Kerberos > > Workstation Name: (Windows Server Name) > > Status Code: 0xC000005E > > Substatus Code: 0x0 > > Caller User Name: (Windows Server Name)$ > > Caller Domain: CORNERSTONE > > Caller Login ID:(0x0.0x3E7) > > Caller Process ID:1260 > > Transited Services: - > > Source Network Address: - > > Source Port: - > > > > Sadly this is greek to me. > > > > On Wed, 15 Feb 2006, Craig White wrote: > > > > > I had to be dns that was your issue. That or clocks...kerberos is very > > > time sensitive and if the clocks are too far out of sync...it will never > > > work. > > > > > > I would check the authentication logs on the Windows server as that > > > might give clues to the problems - I don't have much experience with AD > > > driven domains. > > > > > > Craig > > > > > > On Wed, 2006-02-15 at 17:14 -0700, Bryan.ONeal@asu.edu wrote: > > > > My boxes are sitting on a isolated network (192.168.2.x) they talk to each > > > > other through a cheep Belkin router. The windows server is the DNS server, > > > > but your assumption is correct. cornerstone.local is unreachable. I find this > > > > odd as it the YaST DNS and Host Name app lists the Win server as the only > > > > DNS. The Linux box can see the rest of the world just fine, and the windows > > > > box does contain explicit lookups for itself. > > > > > > > > But I just wrote it into the host file and moved on... Weird none the less > > > > though > > > > > > > > However, I now get the response of Password Incorrect. Any other thoughts? > > > > > > > > > > > > On Wed, 15 Feb 2006, Craig White wrote: > > > > > > > > > On Wed, 2006-02-15 at 13:33 -0700, Bryan.ONeal@asu.edu wrote: > > > > > > Ok so I purchased a new server with SuSE EL9 and I am trying to get it to act > > > > > > as a samba server in my AD. And while I can get it to join the domain just > > > > > > fine and server up shares with no problem, I still need to get the whole SSI > > > > > > thing to work (Single Sign In) > > > > > > > > > > > > First thing I need to do is get my Kerberos to work. I can tell it is not > > > > > > because when I try > > > > > > # kinit user@domain.local > > > > > > I get > > > > > > kinit: krb5_get_init_creds: unable to reach any KDC in realm cornerstone.local > > > > > > > > > > > > In the Kerberos client set up (using YaST) my domain is CORNERSTONE and my > > > > > > realm is CORNERSTONE.LOCAL and the KDC server address is the IP of the Win2003 > > > > > > SB Server. > > > > > > > > > > > > And that just about puts me at the edge of my krb experience since prior to > > > > > > this it has always "Just Worked". But then again I never tried putting a > > > > > > windows box in the krb mix. > > > > > > > > > > > > Any thought? > > > > > > > > > > > > And getting rid of windows is not a viable option ;) > > > > > ---- > > > > > It's always a viable option, it may not be an option because someone has > > > > > ruled it out. > > > > > > > > > > are you using the same dns servers that the rest of the network is > > > > > using? I don't think you will be able to get cornerstone.local to > > > > > resolve can you? > > > > > > > > > > # host cornerstone.local > > > > > # host cornerstone.com > > > > > # host kerberos.cornerstone.com > > > > > > > > > > do any of these resolve? > > > > > > > > > > I presume that you are also using... > > > > > > > > > > kinit user@CORNERSTONE.LOCAL > > > > > or > > > > > kinit user@CORNERSTONE.COM > > > > > > > > > > or whatever is currently defined by your local dns > > > > > > > > > > Craig > > > > > > > > > > --------------------------------------------------- > > > > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > > > > To subscribe, unsubscribe, or to change you mail settings: > > > > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > > > > > > > > > --------------------------------------------------- > > > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > > > To subscribe, unsubscribe, or to change you mail settings: > > > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > > --------------------------------------------------- > > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > > To subscribe, unsubscribe, or to change you mail settings: > > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > > > --------------------------------------------------- > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > To subscribe, unsubscribe, or to change you mail settings: > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss