Cross-realm Authentication with Windows Server 2003

Mon, 14 Mar 2005 15:53:16 -0800

We are trying to setup a kerberos pass-thru authenticated logon in a windows 2003 server forest. We have tried the following steps to get the pass-thru to work, but are currently getting an error message when we try to login. We have done the following steps on both the AD controller and the Kerberos server.

Active Directory Domain is AD.SCHOOL.EDU
Kerberos realm is SCHOOL.EDU
Kerberos server

Active Directory Server
1. ran the following command "ksetup /addkdc SCHOOL.EDU kerberos.SCHOOL.EDU"
2. ran the command "netdom TRUST AD.SCHOOL.EDU /Domain:SCHOOL.EDU /Add /Realm /PasswordT:"Someolpswd"
3. ran the command "netdom TRUST AD.SCHOOL.EDU /Domain:SCHOOL.EDU /Transitive:yes"
4. Restarted the AD server

Kerberos Server
1. ran the command kadmin: addprinc -e des-cbc-crc:normal krbtgt/ad.school.edu 2. entered in "Someolpswd" when prompted for the password
3. added to the hosts file "<ip address> ad.school.edu ad"
4. added to the krb5.conf file: [realms]
AD.SCHOOL.EDU = {
kdc = dc.ad.school.edu
admin_server = dc.ad.school.edu
}

   [domain_realm]
        .ad.school.edu = AD.SCHOOL.EDU

When looking at the logs, we get the following information:

Mar 14 16:10:19 kerberos.school.edu krb5kdc[15690](info): AS_REQ (7 etypes {23 
-133 -128 3 1 24 -135}) 128.128.128.128(88): ISSUE: authtime 1110838219, etypes 
{rep=3 tkt=16 ses=1}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]
Mar 14 16:10:19 kerberos.school.edu krb5kdc[15690](info): TGS_REQ (5 etypes {23 
3 1 24 -135}) 128.128.128.128(88): UNKNOWN_SERVER: authtime 1110838219,  [EMAIL 
PROTECTED] for krbtgt/[EMAIL PROTECTED], Server not found in Kerberos database

Any ideas on why we are getting the error "Server not found in Kerberos database"?

Thanks,

-Jeremy J. Casper
[EMAIL PROTECTED]
Office of Information Technology
University of Minnesota
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to