Re: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==


this is pretty much where the two outputs go different so I have a gut
feeling that this might be why ...

It's the proximate reason, yes. You are showing the key exchange rather
than user authentication which comes later, so this is not directly the
reason why you can't log in via Kerberos. However, this indicates that
the server does not think it can support Kerberos, so it would probably
not work for user authentication either.

any ideas how to go about fixing this ... making server1 to offer
gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g== as an option?

There are a number of reasons why it might not work (missing keytab,
mismatched key version numbers, etc.). You usually get better error
messages for Kerberos on the server side; run the server in debugging mode
and see what it says.

--
Richard Silverman
res@xxxxxxxx

.

Relevant Pages

  • Re: Should DCs with DNS point to self first?
    ... > when you have all locally, by doing so IMO you're wasting server ... > good reason to do so IMO. ... there are far more issues associated with pointing a DC at itself for primary DNS than pointing at something else. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Recommended IMAP server
    ... Is there be any particular reason I should swap? ... pop3 mailboxes and passing it on to the imap server. ... > Trying to strip the HTML mail is quite a bit of a mess. ... tend to be much more attached to email clients. ...
    (comp.os.linux.networking)
  • Re: Backup Failing
    ... Directory Service Access auditing is enabled. ... and then click Server Management. ... Click Edit to open Group Policy Object Editor. ... >>> Reason: The process cannot access the file because it is being used by ...
    (microsoft.public.windows.server.sbs)
  • Re: XP App 1030 & Sys 40961 Errors
    ... This problem occurs because the Group Policy engine in Windows XP ... Professional and Windows Server 2003 does not have read permissions to the ... > cannot query for the list of Group Policy objects. ... > the reason for this was previously logged by the policy engine. ...
    (microsoft.public.windows.server.sbs)
  • Re: Allow log on locally in Default Domain Controller Policy.
    ... has a reason for local access to a DC. ... Even placing an FTP server on a DC, ... you can still set up your permission to avoid giving local logon access to ... >> There is no reason that a normal user needs to logon to a Domain ...
    (microsoft.public.cert.exam.mcse)