[Freeipa-users] Windows client logon
Jimmy
g17jimmy at gmail.com
Mon Sep 19 20:17:07 UTC 2011
According to this:
http://mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/Supported-Encryption-Types.htmlthere
are a ton of encryption options that XP does support, but I always get
this error if I define anything specific in the keytab:
Sep 19 20:09:30 csp-idm.pdh.csp krb5kdc[1246](info): AS_REQ (7 etypes {23
-133 -128 3 1 24 -135}) 192.168.201.150: NEEDED_PREAUTH: oper at PDH.CSP for
krbtgt/PDH.CSP at PDH.CSP, Additional pre-authentication required
Sep 19 20:09:30 csp-idm.pdh.csp krb5kdc[1246](info): AS_REQ (1 etypes {23})
192.168.201.150: ISSUE: authtime 1316462970, etypes {rep=23 tkt=18 ses=23},
oper at PDH.CSP for krbtgt/PDH.CSP at PDH.CSP
Sep 19 20:09:31 csp-idm.pdh.csp krb5kdc[1246](info): TGS_REQ (7 etypes {23
-133 -128 3 1 24 -135}) 192.168.201.150: BAD_ENCRYPTION_TYPE: authtime 0,
oper at PDH.CSP for host/crm1.pdh.csp at PDH.CSP, KDC has no support for
encryption type
There is a fix for Win7. I have a technet article I will post the link as
soon as I can. I had the Win7 system working with the freeipa 'admin' user
before I changed the admin user password, now it's broken. The MIT KFW
client can authenticate and get a ticket, but I need to get the native
windows authentication working.
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110919/5e9dc885/attachment.htm>
More information about the Freeipa-users
mailing list