Re: Kerberos logon failure - Windows Server 2003 RTM

From: JK [MSFT] (jk_at_online.microsoft.com)
Date: 05/15/03

• Next message: Ken Schaefer: "Re: users & control panel"
• Previous message: kiml: "users & control panel"
• In reply to: Henrik Andersson: "Re: Kerberos logon failure - Windows Server 2003 RTM"
• Next in thread: Henrik Andersson: "Re: Kerberos logon failure - Windows Server 2003 RTM"
• Reply: Henrik Andersson: "Re: Kerberos logon failure - Windows Server 2003 RTM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 14 May 2003 19:44:03 -0700

Ok that implies that you are using protocol transition which means you have
to satisfy the following requirements.
1) Domain must be in Windows 2003 native mode.
2) Act as part of operating system(TCB) privilege has to be granted to the
process that calls WindowsIdentity ON THE FRONTEND machine(where the code
runs) and not on the domain controller.
Please the protocol transition whitepaper for more details on these
requirements
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
ol/windowsserver2003/plan/constdel.asp
# 2 is most likely what you are missing. If you still cant get it to work
can you cut and paste the exact error message from ASP.NET?

"Henrik Andersson" <henrikanderzon@hotmail.com> wrote in message
news:9ee5c9cf.0305132300.272560a0@posting.google.com...
> I cannot log in manually with the created user accounts and thats
> fine. I am not supposed to be able to do this.
>
> When I call the WindowsIdentity constructor I supply the user
> principal name: public WindowsIdentity(string serPrincipalName). Where
> UPN is Domain\Username.
>
> /Henrik
>
>
>
>
>
>
> "JK [MSFT]" <jk@online.microsoft.com> wrote in message
news:<OJxc#7ZGDHA.2264@TK2MSFTNGP12.phx.gbl>...
> > Have you tried logging on manually to see if that works?
> > Also are you supplying the password to the WindowsIdentity constructor
or
> > logging on without the password?
> >
> >

• Next message: Ken Schaefer: "Re: users & control panel"
• Previous message: kiml: "users & control panel"
• In reply to: Henrik Andersson: "Re: Kerberos logon failure - Windows Server 2003 RTM"
• Next in thread: Henrik Andersson: "Re: Kerberos logon failure - Windows Server 2003 RTM"
• Reply: Henrik Andersson: "Re: Kerberos logon failure - Windows Server 2003 RTM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Problem with Protocol Transition ... I'm using protocol transition to create user accounts in an ASP.NET context. ... The login seems to be working ok, but I'm getting a nasty security exception ... Dim user as WindowsIdentity = New ... Dim user as WindowsIdentity = New WindowsIdentity, ... (microsoft.public.dotnet.framework.aspnet.security) Re: Windows Identity within Forms Authentication in ASP.NET ... One thing you could do is use S4U (protocol transition) to create a ... WindowsIdentity for the user. ... This requires that you have the user's UPN ... of the Forms Authentication protocol for business reasons in my ... (microsoft.public.dotnet.security) Re: Get role for any given user name ... The Protocol Transition constructor takes the UPN syntax: ... >> have a look at the ctor of WindowsIdentity that takes a string. ... (microsoft.public.dotnet.security) Get an unauthenticated windowsIdentity? ... I have a case where I need to get a WindowsIdentity for an account that has ... LogonUser first, but I want to get the identity without logging on. ... (microsoft.public.dotnet.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint