Hi!
I want to set up a Windows 2008R2 server as an AD with a KDC to obtain krb5 tickets and later on obtain OpenAFS tokens with these tickets.

Our setup: a running Windows 2003 server with AD CGV.TUGRAZ.AT and a running krb5 KDC on it. User, service principal afs for OpenAFS, works well so far.

I added a second server with Windows 2008R2, added the 2nd server to the AD domain and raised the 2nd server as AD server. I set on the Win 2008R2:

- Add a REG_DWORD (32 bit) named KdcUseRequestedEtypesForTickets with value 1 at HKLM\SYSTEM\CurrentControlSet\services\kdc.
- In the DC's Local Security Policy, I enabled all ciphers by checking all 6 boxes at Security Settings \ Local Policies \ Security Options \ "Network security: Configure encryption types allowed for Kerberos"
- I set "use DES enctypes" for some test users (it was enabled for the afs service principal)

I restarted the Win 2008R2 and set up a test client with Debian and krb5 version 1.8+dfsg~alpha1-7. I have a Windows 7 Enterprise test machine, too. On the Debian client I set the:

    allow_weak_crypto = true

option in krb5.conf. With the Win 2003 KDC server I could obtain tickets and tokens. If I set the Win2008R2 server active in krb5.conf I get the:

    kinit: KDC has no support for encryption type while getting initial credentials

error. This error appears on Win7 with Network ID Manager 1.3.1.0, too.

Any idea how I can set the Win2008R2 active to send out valid tickets from which I could obtain OpenAFS tokens?

Best regards,
Lars Schimmer
--
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405       E-Mail: [email protected]
Fax: +43 316 873-5402       PGP-Key-ID: 0x4A9B1723

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
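
The client-side setting described in the message above can be checked mechanically. The following is an added example, not part of the original post: a small audit of the [libdefaults] section of a krb5.conf that reports whether allow_weak_crypto is on and which enctype lists name single DES. The function names, the sample file and the KDC host name in it are constructed for illustration.

```python
import re

# Single-DES names MIT krb5 accepts in enctype lists ("des" is the family alias).
SINGLE_DES = {"des", "des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
TRUE_WORDS = {"y", "yes", "true", "t", "1", "on"}  # values krb5's profile parser reads as true

# Constructed sample; the KDC host name is a placeholder, not taken from the message.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = CGV.TUGRAZ.AT
    allow_weak_crypto = true
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
    default_tgs_enctypes = des-cbc-crc, des-cbc-md5
[realms]
    CGV.TUGRAZ.AT = {
        kdc = kdc.example.org
    }
"""

def parse_libdefaults(text):
    """Collect flat key = value pairs from the [libdefaults] section only."""
    section, opts = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit_weak_crypto(text):
    """Report whether weak enctypes are allowed and which lists name single DES."""
    opts = parse_libdefaults(text)
    # An absent allow_weak_crypto is treated as false (the krb5 1.8+ default).
    weak_allowed = opts.get("allow_weak_crypto", "false").lower() in TRUE_WORDS
    des_listed = {}
    for key in ENCTYPE_KEYS:
        names = set(re.split(r"[,\s]+", opts.get(key, "").lower()))
        hits = sorted(names & SINGLE_DES)
        if hits:
            des_listed[key] = hits
    return {"weak_allowed": weak_allowed, "des_listed": des_listed,
            "des_in_effect": weak_allowed and bool(des_listed)}

if __name__ == "__main__":
    print(audit_weak_crypto(SAMPLE_KRB5_CONF))
```

Run against each client's krb5.conf, this gives an inventory of hosts that still permit single DES, which is the list to work through once the afs service principal no longer depends on it.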
