Re: Problems with Service Principle Unknown and Windows AD.

Buck Huppmann
On Thu, May 12, 2005 at 03:06:00PM +0200, Simon Tennant wrote:

> I am having trouble getting the Kerberos component
> working and get tcpdump shows the linux host receiving a
> KRB5KDC_ERR_S_PRINCIPLE_UNKNOWN error message

the preceding request PDU to the KDC from the linux host should
contain the name of the service principal it's trying to get a
ticket for. you just need to sift it out from the DER-encoding,
though it should be pretty obvious. tcpdump -s 1514 -X is your
friend (if the -X option is supported). hint: between the
components of the principal name (``service'' and ``instance''),
instead of the slash character you see in the human-readable
representation (as in ``service/instance@REALM''), you'll see
some DER TLV junk instead. (the first octet will be a 0x1b and
the next will probably be the length of the ``instance'' string)

h/t/h
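
An added example, not part of the original message: a minimal DER walker in Python that does the sifting described above and returns the service principal a KDC-REQ asks for. It assumes you already have the Kerberos payload bytes (the UDP payload, or the TCP payload with its 4-byte length prefix stripped); the sample request, host name and realm are constructed.

```python
# Added example: recover the requested service principal from a KDC-REQ payload.
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def items(value):
    """List the (tag, value) pairs directly inside a constructed value."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def field(seq_tlv, ctx_tag):
    """Unwrap a SEQUENCE and return the content of its [ctx_tag] element."""
    return dict(items(read_tlv(seq_tlv)[1]))[ctx_tag]

def requested_service(kdc_req):
    """Return 'service/instance@REALM' for an AS-REQ or TGS-REQ (RFC 4120)."""
    tag, req, _ = read_tlv(kdc_req)
    if tag not in (0x6A, 0x6C):             # [APPLICATION 10] AS-REQ, [APPLICATION 12] TGS-REQ
        raise ValueError("not a KDC-REQ")
    body = field(req, 0xA4)                 # [4] req-body
    realm = read_tlv(field(body, 0xA2))[1]  # [2] realm, a GeneralString
    names = read_tlv(field(field(body, 0xA3), 0xA1))[1]  # [3] sname -> [1] name-string
    parts = [v for t, v in items(names) if t == 0x1B]    # 0x1b = GeneralString
    return (b"/".join(parts) + b"@" + realm).decode("ascii")

def tlv(tag, body):
    """Encoder for the constructed sample only (short-form lengths)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def sample_tgs_req():
    """Constructed TGS-REQ skeleton; padata and most req-body fields are omitted."""
    names = tlv(0x1B, b"host") + tlv(0x1B, b"linuxbox.example.com")
    sname = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0xA1, tlv(0x30, names)))
    body = tlv(0x30, tlv(0xA0, tlv(0x03, b"\x00" * 5))
               + tlv(0xA2, tlv(0x1B, b"EXAMPLE.COM")) + tlv(0xA3, sname))
    req = tlv(0x30, tlv(0xA1, tlv(0x02, b"\x05")) + tlv(0xA2, tlv(0x02, b"\x0c")) + tlv(0xA4, body))
    return tlv(0x6C, req)

if __name__ == "__main__":
    print(requested_service(sample_tgs_req()))
```

In the constructed sample the bytes between the two name components are 0x1b 0x14, the GeneralString tag followed by the length of the instance string, which is the pattern to look for in the tcpdump -X hex column.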