Odd Kerberos issue

[sketch]

very simple:

10.3 client bound to AD w/ built-in plugin 🙂
log into domain OK 🙂
get kerberos TGT 🙂
try to connect to server…

get username/password/domain dialogue?! 🙁

this isn’t supposed to happen. Where’s my single sign-on? Why am I not getting a session ticket back from the AD KDC when I do log into the server? ARGH!

[sketch]

AD running on Win2003 server

[sketch]

well it looks like the issue is on the Windows side, but there’s still this issue that tickets don’t auto-renew unless the Kerberos app is open.

Does anybody have any ideas on where to find a fix?

and another issue: How do I get my 10.3 server to recognize the authority of the AD TGTs? Currently I’m working on using WGM for machine management while logging in with AD accounts. In order to do this properly I have to have the MacServer isolated, kerberose-wise. It’s NOT bound to the AD (which means I can’t even read information from the AD) and the Mac’s KDC is enabled. I then modify the edu.kerberos.mit file on the clients to access 2 realms.
I’d like to only have 1 realm for everything: the AD’s KDC.

[Author]

Posts