So, after finally getting my work windows system to talk to our MIT
KDC, I thought I'd try and get my new home system to do that, too.
However, I'm having absolutely no luck. I followed the directions
mailed to me last time on doing this, which is what worked for my work
system, and it doesn't work for my home system.

ksetup on my work system shows:

(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\quanah>ksetup
default realm = stanford.edu (external)
stanford.edu:
kdc = krb5auth1.stanford.edu
kdc = krb5auth2.stanford.edu
kdc = krb5auth3.stanford.edu
Realm Flags = 0x0 none
Mapping quanah@stanford.edu to quanah.



ksetup on my home system shows:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\quanah>ksetup
default realm = stanford.edu (external)
stanford.edu:
kdc = krb5auth1.stanford.edu
kdc = krb5auth2.stanford.edu
kdc = krb5auth3.stanford.edu
Realm Flags = 0x0 none
Mapping quanah@stanford.edu to quanah.



So, that looks right to me. On the KDC side for my work system:


Principal: host/deus-ex.stanford.edu@stanford.edu
Expiration date: [never]
Last password change: Thu Jun 29 11:16:19 PDT 2006
Password expiration date: [none]
Maximum ticket life: 1 day 01:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Thu Jun 29 11:21:45 PDT 2006
(quanah/admin@stanford.edu)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 3
Key: vno 1, DES cbc mode with CRC-32, no salt
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Attributes:
Policy: default


On the KDC side for my home system:

k5admin: getprinc host/sw-90-717-287-3.stanford.edu
Principal: host/sw-90-717-287-3.stanford.edu@stanford.edu
Expiration date: [never]
Last password change: Fri Jan 19 10:38:42 PST 2007
Password expiration date: [none]
Maximum ticket life: 1 day 01:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Fri Jan 19 10:45:05 PST 2007
(quanah/admin@stanford.edu)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 3
Key: vno 1, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 1, DES cbc mode with CRC-32, no salt
Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt
Attributes:
Policy: default



Again, these match up. When I attempt to log in to the stanford.edu
domain on my home Windows system, I get the following error:

"The system could not log you on. Make sure your User name and domain
are correct, then type your password again."

Well, I'm sure both are correct, and I'm sure my password is correct,
too, because the KDC shows that my home system successfully talked to
it, and got all the tickets it should:

Jan 19 10:47:48 kerberos1 krb5kdc[8666]: AS_REQ (1 etypes {1})
171.66.155.86: NEEDED_PREAUTH: quanah@stanford.edu for
krbtgt/stanford.edu@stanford.edu, Additional pre-authentication
required
Jan 19 10:47:48 kerberos1 krb5kdc[8666]: AS_REQ (1 etypes {1})
171.66.155.86: ISSUE: authtime 1169232468, etypes {rep=1 tkt=16
ses=1}, quanah@stanford.edu for krbtgt/stanford.edu@stanford.edu


On both systems, my computer is part of the workgroup "stanford.edu".

Any thoughts on why identical setups aren't working much appreciated.

Also, please make sure your reply goes to the newsgroup, otherwise I
won't see it, since I'm not on the list.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html