I have a machine with WIN 2003 server and i have installed an Active Directory service and the domain is MICA.

I added the user testkerberos to the active directory

I have another machine with windows XP in the domain of the euri

I put in the directory C:\WINDOWS\krb5.ini this:


default_realm = MICA.FR

dns_lookup_kdc = true

dns_lookup_realm = false



kdc = Win2003srv

# admin_server = Win2003srv

# default_domain = mica.fr



# kdc = CONSOLE

I do a "kinit -5 testkerberos" on the win xp machine and the "klist -5" done :

Ticket cache: API:krb5cc

Default principal: testkerberos@MICA.FR

Valid starting Expires Service principal

04/12/07 17:06:59 04/13/07 03:06:59 krbtgt/MICA.FR@MICA.FR

It is OK.

On the win 2003 srv, I generate the krb5kt with the command:

ktpass.exe -out krb5kt -princ testkerberos/eu-000525.euri.fr@MICA.FR -pass testkerberos -mapuser testkerberos -crypto DES-CBC-CRC -ptype KRB5_NT_PRINCIPAL

And I put the krb5kt on the c:\windows on the windows XP.

When I run the command "gss-server testkerberos", the result is:

GSS-API error acquiring credentials: Miscellaneous failure

GSS-API error acquiring credentials: No principal in keytab matches desired name

When I run the command "gss-server testkerberos/eu-000525.euri.fr@MICA.FR", the result is:

GSS-API error importing name: An invalid name was supplied

GSS-API error importing name: Hostname cannot be canonicalized

I do the klist -k :

Keytab name: FILE:C:\\windows\\krb5kt

KVNO Principal

---- --------------------------------------------------------------------------

42 testkerberos/eu-000525.euri.fr@MICA.FR

Where is the mistake?

Please help me.


Kerberos mailing list Kerberos@mit.edu