Kerberos machine authentication - apparent authentication failures
From: JCB_MCSE_wannabe (JCBMCSEwannabe_at_discussions.microsoft.com)
Date: 05/30/05
- Previous message: Robert Moir: "Re: Worm vs a Trojan Horse -- differences?"
- Next in thread: Steven L Umbach: "Re: Kerberos machine authentication - apparent authentication failures"
- Reply: Steven L Umbach: "Re: Kerberos machine authentication - apparent authentication failures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 30 May 2005 10:35:03 -0700
NOTE: This post was incorrectly posted under "Access Security" previously.
I misinterpreted the topic as resource access, not MS Access database
product...oh well!....
I am new to networking. I recently built a small AD-integrated DNS domain
network for labbing purposes using my TechNet Plus Server 2003 Ent. OS. The
single server is also running DNS and DHCP. All of my clients (yeah, all SIX
of them - I did say SMALL!) are running XPsp2. Hosts connect to the network
using wireless cards through a linksys NAT-enabled router/switch. The server
is hard wired to one of the switch ports on the linksys. I am using 128-bit
WEP encryption
and further control access using a MAC table of allowed hosts on the
wireless. Three machines are workstations and three are laptop/portables.
I successfully joined the client machines to the domain. They receive
DHCP-assigned IP addresses. However, when I run the Netdiag commmand, I
receive PASSING results for all tested parameters, EXCEPT the Kerberos test
which gives a: " [FATAL] Kerberos does not have a ticket for
host/mymachinename.mydomainname" result.
The strange thing is that immediately after I joined the machines to the
domain and ran Netdiag, a PASSING Kerberos result is obtained. HOWEVER, once
the machines are restarted, the Kerberos test yields a consistent FAILED
status. With Server2003/XP, I thought Kerberos v.5 was the default
authentication protocol. If my machine is not being authenticated, how come
I can still access domain resources? Should my audit logs show a "logon"
event instead of an "account logon" event if my machine is not authenticated?
Does anyone have an explanation? I would prefer guidance on how to
efficiently troubleshoot this problem and not just a "here, do this"
solution. The REAL problem is I don't yet have the troubleshooting skills
to effectively address the apparent Kerberos authentication failures.
Any help would be appreciated.
- Previous message: Robert Moir: "Re: Worm vs a Trojan Horse -- differences?"
- Next in thread: Steven L Umbach: "Re: Kerberos machine authentication - apparent authentication failures"
- Reply: Steven L Umbach: "Re: Kerberos machine authentication - apparent authentication failures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
