[prev in list] [next in list] [prev in thread] [next in thread]
List: kerberos
Subject: help: Host Authentication Failed
From: Zhenlong Hou <zhou () rocketsoftware ! com>
Date: 2023-05-22 7:54:40
Message-ID: MN2PR07MB65925B3CD050326D613496D5B6439 () MN2PR07MB6592 ! namprd07 ! prod ! outlook ! com
[Download RAW message or body]
Hello everyone
I want to use Windows client/server + MIT Kerberos & OpenLadp to implement SSO \
authentication. On the application server side, I use LsaLogonUser() to ask for a \
Network style logon through S4U Kerb extension. But the LsaLogonUser() failed.
According to the KDC Server's log, there is a error "LOOKING_UP_SERVER: authtime 0, \
host/sample.com@SAMPLE.COM for host\/sample.com@SAMPLE.COM, Server not found in \
Kerberos database" in TGS_REQ. According to the application server's log, the \
sname-string is 1 item and SNameString is host/sample.com in req-body of tgs-req. I \
think the sname-string should be 2 items and SNameString are host and sample.com.
My question is the S4U in windows can't implement SSO authentication with MIT \
Kerberos & OpenLadp? Or I mistaken about some configuration on Windows side or on MIT \
Kerberos & OpenLadp side?
Thanks in advance
Chris
================================
Rocket Software, Inc. and subsidiaries ? 77 Fourth Avenue, Waltham MA 02451 ? Main \
Office Toll Free Number: +1 855.577.4323 Contact Customer Support: \
https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport Unsubscribe from \
Marketing Messages/Manage Your Subscription Preferences - \
http://www.rocketsoftware.com/manage-your-email-preferences Privacy Policy - \
http://www.rocketsoftware.com/company/legal/privacy-policy \
================================
This communication and any attachments may contain confidential information of Rocket \
Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you \
are not the intended recipient, please notify Rocket Software immediately and destroy \
all copies of this communication. Thank you. \
________________________________________________ Kerberos mailing list \
Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic