Talk About Network

Google


Register and Login
Nick
Password
Register create new account Sign up is FREE and you can post replies, new topics, bookmark posts and more!
Recover lost password


Software > Active Directory DSML > Problems with C...
Latest [ Topics | Posts ] Archive Post A New Topic Post a Reply
<< Topic < Post Post 1 of 1 Topic 576 of 615
 Post > Topic >>

Problems with Cross Realm Trust

by "William T. Holmes" <wtholmes@[EMAIL PROTECTED] > Apr 14, 2008 at 04:28 PM

This is a multi-part message in MIME format.

------=_NextPart_000_0001_01C89E58.E3A65AA0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hello,

 

I am testing a cross realm trust setup and I am not getting anywhere. I
have an Windows 2003 R2 SP2 Active Directory and I am trying to setup a
Two Way Trust with an MIT Kerberos Realm.  I have Configured the domain
controller using:

 

Ksetup /addkdc MYREALM.COM mykdcserver.myrealm.com

 

Then I added the trust to use Active Directory Domains and Trusts.

 

Then on the MIT KDC I created the cross-realm principals. 

 

krbtgt/WINREALM.COM@[EMAIL PROTECTED]
 

The passwords for these principals are set the same as the trust
password that was set when I created the cross realm trust using the
Active Directory Domains and Trusts. 

 

I then configured a test user with an account mapping and created a
principal for that user in the MIT Kerberos Domain. 

 

When I attempt to authenticate I see the request coming in on the MIT
Kerberos Server but I am always denied access. 

 

Does anyone have a up to date guide on setting up a cross realm trunst?

 

Thanks


Bill


------=_NextPart_000_0001_01C89E58.E3A65AA0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml"
=
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @[EMAIL PROTECTED]
"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@[EMAIL PROTECTED]
 15 5 2 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
..MsoChpDefault
	{mso-style-type:ex****t-only;}
@[EMAIL PROTECTED]
 Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal>Hello,<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>I am testing a cross realm trust setup and I am not =
getting
anywhere. I have an Windows 2003 R2 SP2 Active Directory and I am trying =
to
setup a Two Way Trust with an MIT Kerberos Realm.&nbsp; I have =
Configured the
domain controller using:<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>Ksetup /addkdc MYREALM.COM =
mykdcserver.myrealm.com<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>Then I added the trust to use Active Directory =
Domains and
Trusts.<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>Then on the MIT KDC I created the cross-realm =
principals. <o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal><a =
href=3D"mailto:krbtgt/WINREALM.COM@[EMAIL PROTECTED]
">krbtgt/WINREALM.COM@[EMAIL PROTECTED]
><o:p></o:p></p>

<p class=3DMsoNormal><a =
href=3D"mailto:krbtgt/MYREALM.COM@[EMAIL PROTECTED]
">krbtgt/MYREALM.COM@[EMAIL PROTECTED]
><o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>The passwords for these principals are set the same =
as the trust
password that was set when I created the cross realm trust using the =
Active
Directory Domains and Trusts. <o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>I then configured a test user with an account =
mapping and
created a principal for that user in the MIT Kerberos Domain. =
<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>When I attempt to authenticate I see the request =
coming in
on the MIT Kerberos Server but I am always denied access. =
<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>Does anyone have a up to date guide on setting up a =
cross
realm trunst?<o:p></o:p></p>

<p class=3DMsoNormal><o:p>&nbsp;</o:p></p>

<p class=3DMsoNormal>Thanks<o:p></o:p></p>

<p class=3DMsoNormal><br>
Bill<o:p></o:p></p>

</div>

</body>

</html>

------=_NextPart_000_0001_01C89E58.E3A65AA0--




 1 Posts in Topic:
Problems with Cross Realm Trust
 "William T. Holmes&q  2008-04-14 16:28:34 

Post A Reply:
  Go here to Signup

AddThis Feed Button


About - Advertising - Contact - Frequently Asked Questions - Privacy Policy - Terms of Use - Signup
Contact
tan12V112 Mon Dec 1 16:25:30 CST 2008.