svn commit: samba r8148 - in branches/SAMBA_4_0/source: auth/kerberos include librpc librpc/idl librpc/ndr torture/auth

[Maurice Massar]

hi,

On Mon, Jul 04, 2005 at 03:42:08PM +0000, metze at samba.org wrote:
> - make the PAC generation code a bit more readable and add some outof memory checks

after a new ./setup/provision.pl I'm more or less back where I was
before:

a Windows 2000 Domainjoin does not create servicePrincipalName
attributes, so the logon will revert to non-kerberos mode. After adding:

servicePrincipalName: HOST/v01pc.hsg.schulen.kaiserslautern.de
servicePrincipalName: HOST/V01PC

to the machine acct, I get:

====
Kerberos: TGS-REQ nxx at HSG.SCHULEN.KAISERSLAUTERN.DE from 10.42.0.1 for
host/v01pc.hsg.schulen.kaiserslautern.de at HSG.SCHULEN.KAISERSLAUTERN.DE
[renewable_ok, canonicalize, renewable, forwardable]
Kerberos: LDB_message2entry:

Kerberos: uf2HDBFlags: userAccountControl: 00001000

Kerberos: uf2HDBFlags: HDBFlags: 0000212e

Kerberos: LDB_message2entry:

Kerberos: uf2HDBFlags: userAccountControl: 00010200

Kerberos: uf2HDBFlags: HDBFlags: 0000214e

Kerberos: Bad request for renewable ticket
====

and login is denied. Therefore I can not tell if my w2k-sp4 client
likes the PAC or not.

I'll try if I can get around this somehow..

cu
Maurice Massar