[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kerberos
Subject:    help: Host Authentication Failed
From:       Zhenlong Hou <zhou () rocketsoftware ! com>
Date:       2023-05-22 7:54:40
Message-ID: MN2PR07MB65925B3CD050326D613496D5B6439 () MN2PR07MB6592 ! namprd07 ! prod ! outlook ! com
[Download RAW message or body]

Hello everyone

I want to use Windows client/server + MIT Kerberos & OpenLadp to implement SSO \
authentication. On the application server side, I use LsaLogonUser() to ask for a \
Network style logon through S4U Kerb extension. But the LsaLogonUser() failed.
According to the KDC Server's log, there is a error "LOOKING_UP_SERVER: authtime 0, \
host/sample.com@SAMPLE.COM for host\/sample.com@SAMPLE.COM, Server not found in \
Kerberos database" in TGS_REQ. According to the application server's log, the \
sname-string is 1 item and SNameString is host/sample.com in req-body of tgs-req. I \
think the sname-string should be 2 items and SNameString are host and sample.com.

My question is the S4U in windows can't implement SSO authentication with MIT \
Kerberos & OpenLadp? Or I mistaken about some configuration on Windows side or on MIT \
Kerberos & OpenLadp side?

Thanks in advance
Chris

================================
Rocket Software, Inc. and subsidiaries ? 77 Fourth Avenue, Waltham MA 02451 ? Main \
Office Toll Free Number: +1 855.577.4323 Contact Customer Support: \
https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport Unsubscribe from \
Marketing Messages/Manage Your Subscription Preferences - \
http://www.rocketsoftware.com/manage-your-email-preferences Privacy Policy - \
http://www.rocketsoftware.com/company/legal/privacy-policy \
================================

This communication and any attachments may contain confidential information of Rocket \
Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you \
are not the intended recipient, please notify Rocket Software immediately and destroy \
all copies of this communication. Thank you. \
________________________________________________ Kerberos mailing list           \
Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos


[prev in list] [next in list] [prev in thread] [next in thread]