svn commit: samba r8148 - in branches/SAMBA_4_0/source:
auth/kerberos include librpc librpc/idl librpc/ndr torture/auth
Maurice Massar
massar at unix-ag.uni-kl.de
Mon Jul 4 18:43:09 GMT 2005
hi,
On Mon, Jul 04, 2005 at 03:42:08PM +0000, metze at samba.org wrote:
> - make the PAC generation code a bit more readable and add some outof memory checks
after a new ./setup/provision.pl I'm more or less back where I was
before:
a Windows 2000 Domainjoin does not create servicePrincipalName
attributes, so the logon will revert to non-kerberos mode. After adding:
servicePrincipalName: HOST/v01pc.hsg.schulen.kaiserslautern.de
servicePrincipalName: HOST/V01PC
to the machine acct, I get:
====
Kerberos: TGS-REQ nxx at HSG.SCHULEN.KAISERSLAUTERN.DE from 10.42.0.1 for
host/v01pc.hsg.schulen.kaiserslautern.de at HSG.SCHULEN.KAISERSLAUTERN.DE
[renewable_ok, canonicalize, renewable, forwardable]
Kerberos: LDB_message2entry:
Kerberos: uf2HDBFlags: userAccountControl: 00001000
Kerberos: uf2HDBFlags: HDBFlags: 0000212e
Kerberos: LDB_message2entry:
Kerberos: uf2HDBFlags: userAccountControl: 00010200
Kerberos: uf2HDBFlags: HDBFlags: 0000214e
Kerberos: Bad request for renewable ticket
====
and login is denied. Therefore I can not tell if my w2k-sp4 client
likes the PAC or not.
I'll try if I can get around this somehow..
cu
Maurice Massar
More information about the samba-technical
mailing list