Cross realm authentication

Naveen bn Tue, 04 Jan 2011 05:21:04 -0800

<HTML xmlns:o = "urn:schemas-microsoft-com:office:office"><HEAD><TITLE>Samsung 
Enterprise Portal mySingle</TITLE>
<META content="text/html; charset=windows-1252" http-equiv=Content-Type>
<STYLE id=mysingle_style type=text/css>P {
        MARGIN-TOP: 5px; FONT-FAMILY: Arial, arial; MARGIN-BOTTOM: 5px; 
FONT-SIZE: 9pt
}
TD {
        MARGIN-TOP: 5px; FONT-FAMILY: Arial, arial; MARGIN-BOTTOM: 5px; 
FONT-SIZE: 9pt
}
LI {
        MARGIN-TOP: 5px; FONT-FAMILY: Arial, arial; MARGIN-BOTTOM: 5px; 
FONT-SIZE: 9pt
}
BODY {
        LINE-HEIGHT: 1.4; MARGIN: 10px; FONT-FAMILY: Arial, arial; FONT-SIZE: 
9pt
}
</STYLE>


<META name=GENERATOR content=ActiveSquare></HEAD>
<BODY>
<META name=GENERATOR content=ActiveSquare>
<P><SPAN style="FONT-SIZE: 10pt"><SPAN style="FONT-SIZE: 9pt">Hi 
All,</SPAN><o:p><SPAN style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 
9pt">Please guide me to get cross realm authentication working&nbsp;under 
windows 2008 server environment.</SPAN><o:p><SPAN style="FONT-SIZE: 
9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 9pt">I 
have set up two domain with <STRONG>realm1 </STRONG>and <STRONG>realm 
2</STRONG> in 2 different windows servers. I have added a one</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 9pt">way 
trust at realm1&nbsp;for realm2. </SPAN><SPAN style="FONT-SIZE: 9pt">The client 
is in realm1 wants to access a server at <STRONG>realm2</STRONG> . I got the 
</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 
9pt">AS-REP with referral ticket for&nbsp;</SPAN><SPAN style="FONT-SIZE: 9pt; 
mso-spacerun: yes">&nbsp;</SPAN><SPAN style="FONT-SIZE: 9pt"><STRONG><A 
href="mailto:krbtgt/rea...@realm1";>krbtgt/rea...@realm1</A></STRONG> 
</SPAN><SPAN style="FONT-SIZE: 9pt; mso-spacerun: yes">&nbsp;</SPAN><SPAN 
style="FONT-SIZE: 9pt">from realm1 KDC server , Now the problem is</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 
9pt">&nbsp;the</SPAN><SPAN style="FONT-SIZE: 9pt; mso-spacerun: yes">&nbsp; 
</SPAN><SPAN style="FONT-SIZE: 9pt">I am sending TGS-REQ </SPAN><SPAN 
style="FONT-SIZE: 9pt">to KDC server of <STRONG>realm2 </STRONG>by submitting 
referral TGT , but the server returns</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 
9pt">&nbsp;with a KRB Error: </SPAN><SPAN style="FONT-SIZE: 
9pt">KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN </SPAN><SPAN style="FONT-SIZE: 9pt">even 
though the principal name is the same</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 
9pt">&nbsp;as the name with </SPAN><SPAN style="FONT-SIZE: 9pt">working 
condition in single realm setup.</SPAN><o:p><SPAN style="FONT-SIZE: 
9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><o:p><SPAN style="FONT-SIZE: 
9pt">&nbsp;</SPAN></o:p><SPAN style="FONT-SIZE: 9pt">In Info in TGS 
req.</SPAN><o:p><SPAN style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 
9pt">Padata field -&gt;</SPAN><SPAN style="FONT-SIZE: 9pt; mso-spacerun: 
yes">&nbsp; </SPAN><o:p><SPAN style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 9pt; 
mso-spacerun: 
yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
 </SPAN><SPAN style="FONT-SIZE: 9pt">Tkt-vno: 5</SPAN><o:p><SPAN 
style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="COLOR: #404040; 
FONT-SIZE: 9pt; mso-spacerun: yes; mso-fareast-font-family: 'Times New Roman'; 
mso-fareast-theme-font: minor-fareast; mso-no-proof: 
yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
 </SPAN><SPAN style="COLOR: #404040; FONT-SIZE: 9pt; mso-fareast-font-family: 
'Times New Roman'; mso-fareast-theme-font: minor-fareast; mso-no-proof: 
yes">Realm: realm1.com</SPAN><o:p><SPAN style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="COLOR: #404040; 
FONT-SIZE: 9pt; mso-spacerun: yes; mso-fareast-font-family: 'Times New Roman'; 
mso-fareast-theme-font: minor-fareast; mso-no-proof: 
yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
 </SPAN><SPAN style="COLOR: #404040; FONT-SIZE: 9pt; mso-fareast-font-family: 
'Times New Roman'; mso-fareast-theme-font: minor-fareast; mso-no-proof: 
yes">Server Name (Principal): krbtgt/realm2.com</SPAN><o:p><SPAN 
style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><o:p><SPAN style="COLOR: 
#404040; FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; 
mso-fareast-theme-font: minor-fareast; mso-no-proof: 
yes">&nbsp;</SPAN></o:p><SPAN style="COLOR: #404040; FONT-SIZE: 9pt; 
mso-fareast-font-family: 'Times New Roman'; mso-fareast-theme-font: 
minor-fareast; mso-no-proof: yes">Kdc-Req-body-&gt;</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="COLOR: #404040; 
FONT-SIZE: 9pt; mso-fareast-font-family: 'Times New Roman'; 
mso-fareast-theme-font: minor-fareast; mso-no-proof: yes"></SPAN><SPAN 
style="FONT-SIZE: 9pt; mso-spacerun: 
yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
 </SPAN><SPAN style="FONT-SIZE: 9pt">Realm: REALM2.COM</SPAN><o:p><SPAN 
style="FONT-SIZE: 9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 9pt; 
mso-spacerun: 
yes">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
 </SPAN><SPAN style="FONT-SIZE: 9pt">Server Name (Principal): 
ldap/win2003dpdnic.realm2.com</SPAN><o:p><SPAN style="FONT-SIZE: 
9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><o:p><SPAN style="FONT-SIZE: 
9pt">&nbsp;</SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><o:p><SPAN style="FONT-SIZE: 
9pt"></SPAN></o:p><SPAN style="FONT-SIZE: 9pt">Please&nbsp;guide me on 
identifying and resolve the&nbsp;problem&nbsp;for cross realm 
authentication.&nbsp;&nbsp;</SPAN></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 
9pt"></SPAN>&nbsp;</P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 
9pt">Thanks and Regards</SPAN><o:p><SPAN style="FONT-SIZE: 
9pt"></SPAN></o:p></P>
<P style="LETTER-SPACING: 0px" class=MsoNormal><SPAN style="FONT-SIZE: 
9pt">Naveen</SPAN><o:p><SPAN style="FONT-SIZE: 9pt"></SPAN></o:p></P></SPAN>
<P>&nbsp;</P><!--SP:naveen.bn--><!--naveen.bn:EP-->
<P>&nbsp;</P></BODY></HTML><img 
src='http://ext.samsung.net/mailcheck/SeenTimeChecker?do=819bad59c7908697f44e562e0b410c2369df4a29e858fba74b240a564ff6e9cb7c86263f3d414723d2cb7c2a93c43c11a728c55b39cc59eacf878f9a26ce15a0'
 border=0 width=0 height=0 style='display:none'>
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

Cross realm authentication

Reply via email to