Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

Per buck you get more computing action with the small computer. -- R. W. Hamming

devel / comp.protocols.kerberos / help: Host Authentication Failed

SubjectAuthor
o help: Host Authentication FailedZhenlong Hou

1
help: Host Authentication Failed

<mailman.80.1684742094.1964.kerberos@mit.edu>

  copy mid

https://www.rocksolidbbs.com/devel/article-flat.php?id=363&group=comp.protocols.kerberos#363

  copy link   Newsgroups: comp.protocols.kerberos
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!tncsrv06.tnetconsulting.net!.POSTED.mailman.mit.edu!not-for-mail
From: zhou@rocketsoftware.com (Zhenlong Hou)
Newsgroups: comp.protocols.kerberos
Subject: help: Host Authentication Failed
Date: Mon, 22 May 2023 07:54:40 +0000
Organization: TNet Consulting
Lines: 40
Message-ID: <mailman.80.1684742094.1964.kerberos@mit.edu>
References: <MN2PR07MB65925B3CD050326D613496D5B6439@MN2PR07MB6592.namprd07.prod.outlook.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable
Injection-Info: tncsrv06.tnetconsulting.net; posting-host="mailman.mit.edu:18.7.21.50";
logging-data="27524"; mail-complaints-to="newsmaster@tnetconsulting.net"
To: "kerberos@mit.edu" <kerberos@mit.edu>
Authentication-Results: mit.edu; dmarc=pass (p=none dis=none)
header.from=rocketsoftware.com
Authentication-Results: mit.edu; arc=pass smtp.remote-ip=18.9.3.18
ARC-Seal: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1684742092; cv=pass;
b=E49BP8w6MCNvz1bOKqF1FS2AOWx4rOsR99nMeaZAYcM/VGgKBSaJm5vkQDLBXD8yH+xARHElfsbtHakMOiYMngS3462tnPPaN7ewq4qUkGteSVBfH0gm7B3Mw29utjrjoRyBcsg25LiklVcRoFMLOzR3aBh3rKKu4fODh+xvbSvCk0AOi1Ce+zGIo2cI/SbMy6Q36JX7JdCnyzC+PAst20DP9aRZ57UCxV8O04v6qWV0QzAIc/kvelx9cqVjb4RlUFBo+5L/MNiTxHKPU9U7HI1b6HVKV7GXlP2ywIRsXXLiQjSXXr/qe1ADJlba6F8t2SuQUve49UArud7yQ92NzA==
ARC-Message-Signature: i=2; a=rsa-sha256; d=mit.edu; s=arc; t=1684742092;
c=relaxed/relaxed; bh=Kk56zAkeDPMWXuAGukBpIQbjx5+slCTztpUKDWNu1zU=;
h=DKIM-Signature:DKIM-Signature:From:To:Subject:Date:Message-ID:
MIME-Version;
b=Jcq8DJSYURVXwiLvWf2OqSAWlqorbKQwkxnEA26GmNmyMT4MZDTSC89JVub/EopZNRQCBxeVSOXm4zQCzd29QYfzPSl/Ed290aQlU8Ib/cNlOpNpn4td2E9Mc4+WBbfJc7lVoaS6yW4xMvPd9SBQlBWr6CMpF1Qg2ADL+10C1pW9n08NddkTHcFOSR9KX32FJjzPVy4SODvClZesoAHLdjcNyAvsDHQ9ipLLn05a0Uy4hb4WflLCAHPa/lIidWbDOwBdc+PAJMTjObD+utFwkOkgB/yX3rnFLuW6aUibQPdBjDcScoW3oqLdx5AZABxqhe9JYJxy5t+5k+c+gO9Dcw==
ARC-Authentication-Results: i=2; mit.edu; dkim=pass (1024-bit key)
header.d=mitprod.onmicrosoft.com header.i=@mitprod.onmicrosoft.com
header.b=TWf4EiLF;
dkim=pass (1024-bit key) header.d=rocketsoftware.com
header.i=@rocketsoftware.com header.b=OAS/14k8
Authentication-Results: mit.edu;
dkim=pass (1024-bit key) header.d=mitprod.onmicrosoft.com
header.i=@mitprod.onmicrosoft.com header.b=TWf4EiLF;
dkim=pass (1024-bit key) header.d=rocketsoftware.com
header.i=@rocketsoftware.com header.b=OAS/14k8
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=m+tWTRXOCODwS1+jJ4/zR1CSdTDmB0VnI0NkAy+Atd3w3d6y2dJuN3zAK+Qqk3iAfqAoYew9oQ4YNrWLnW6V1KGtZuVi/oWtg17p/g8AR29ABINz5wm0zkmZ5YS+Eu+LI6cCwJTVRXmjToV1LyO1el5N3fXwCNeHY36o7IMb8+Ak28M//Vr222hMUM93RmGb+4rd/eF11hVYy6LP/QOe9Qe2nncJvSN7WNBAHPuC18coFiP4msIMD6SK3zuUEe/uBv6X+xVM4HyKfvXiFxwB5AiTjdNGGnzQzrVMcXGl2RdYcuQMLPpQZyNtMXSX9eRpncOMoSViUq7rtulSxeB2IQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=Kk56zAkeDPMWXuAGukBpIQbjx5+slCTztpUKDWNu1zU=;
b=NDv8HV+HV8u6NnnJiEoalnEBQaCQgecp23qpSyhcNbc2noAuqqxrpKvS3tHtj5fYBObXmGGn8igrIEwas0HW/+g4uQOvWyidruE6+G9KkB9Tag2tYs702wLj0aVc9rgdfRHRnbTxMz08gdnqawBi7aZps0sdBTL9D9+fcJdvONKRKy/FpnkDHEUOXNkC8t9AyzQN7e5rb/3TaQnosieOEAnBAF7mj2V/Xyb7zn39Hcj/g3kyPyFRW/oH7r+z6hFFZB0nJsDoRN94Bb5CVtUP22/A0ldcVNFhKiCs1+dXp/wB0ijssbaTUEdiiYiLB21DMvF6t/I3dJNH1B2bessPDA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
170.10.133.127) smtp.rcpttodomain=mit.edu smtp.mailfrom=rocketsoftware.com;
dmarc=pass (p=none sp=none pct=100) action=none
header.from=rocketsoftware.com; dkim=pass (signature was verified)
header.d=rocketsoftware.com; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mitprod.onmicrosoft.com; s=selector2-mitprod-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=Kk56zAkeDPMWXuAGukBpIQbjx5+slCTztpUKDWNu1zU=;
b=TWf4EiLFQzIbgI38vs+MLzHKaYuEhZ71uELnuqZJeQW6B7FqAay9jgFYT317SUs0+72f2Tv2HoFJaHBM+6UnkBukJZ1YDYO7G/2Gm2PM7NztN3xBre+J1LLjx8BWCKs5GLJDG2mo4thlH4ditc8uSkr0aR1h2Or5RdThOp1lF0E=
Authentication-Results: spf=pass (sender IP is 170.10.133.127)
smtp.mailfrom=rocketsoftware.com; dkim=pass (signature was verified)
header.d=rocketsoftware.com;dmarc=pass action=none
header.from=rocketsoftware.com;
Received-SPF: Pass (protection.outlook.com: domain of rocketsoftware.com
designates 170.10.133.127 as permitted sender)
receiver=protection.outlook.com; client-ip=170.10.133.127;
helo=us-smtp-delivery-127.mimecast.com; pr=C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rocketsoftware.com;
s=mimecast20200430; t=1684742085;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type;
bh=Kk56zAkeDPMWXuAGukBpIQbjx5+slCTztpUKDWNu1zU=;
b=OAS/14k8T4hPJSyI7zg49vpyawic/vECG7dEKP7j+z69QzVSoP8/QGLMQIaZp/3Cs8LMcm
NtymYnJVLvM3E8smS5Vnbz6e0qZA8GA31HsVlVLGEM2xHa9+ctiss9KGyOdtkeCwxxOO9P
CGeMWG9yYNTov3pVmD5frXiGxN/qj0k=
X-MC-Unique: SN_dUQFnMZ6cCEcu8n54GA-1
Thread-Topic: help: Host Authentication Failed
Thread-Index: AdmMf6yn4TTZToQfSrecIbQLggw2Ow==
Accept-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-traffictypediagnostic: MN2PR07MB6592:EE_|BL0PR07MB4131:EE_|BN8NAM11FT103:EE_|BYAPR01MB5222:EE_
X-MS-Office365-Filtering-Correlation-Id: 7ac4d88b-d18d-4158-168c-08db5a99cf33
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0
X-Microsoft-Antispam-Message-Info-Original: NUmByuy8rlqMA6NFZCjMSGmRwRGB1/8kK8quLZEm1o89KSyl6maQ7MAH2K8kQgwdfygMXIcP78TVoC0hEfk9Rn4dl+gVjuqqFtt9L9JJraJD9izYvdW5itEYX7SKXr0ldFiIbLCO4MX3Xh11Qhz39mp9wrBM+zTfehLX7k+GPF3tZ6rf7a4M/u06Jw5b0AbLhPtxFdNWPN93kj9RuyH9wl3pEoCbL6NRddS7e/SDkKQOIM5qWWrQcRcZYTKZokt4YuGJPb2N6wgK30nppQcC3GF+jAYyTleQoONfSZRpp2zoS3bWdXMe8OhoHh1WkWObniDubAo3qUE6U6MOx80SCkHU6ZdutachD3wkLbJg99iSzpnRQW2H0UeJlmzCVWSZFqocteC0dbFbRGwZjHLYLiKqS6ZZpPvxqZ9rtomU1liI2nrIvJmXA2yOABOrgdqy1ah4FDXE0dAhZgJseK3W9p1Y2HoN6iYYnmIbgDYnV7l3xZyq9q/ZBIwv/ghnlWKKhOXEQ5CutI7s0qqOQ9e6rkEPzNraQjNtn0nVBS1LbxqguPqelZSpj9gnvWF/BQcF0yOmUYSDOyiyuoEw/XUm0a2XVRHTk3nnHIqV6qphU+tTjodcWb4HQKmFt6uQVtRL
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR07MB6592.namprd07.prod.outlook.com;
PTR:; CAT:NONE;
SFS:(13230028)(346002)(376002)(136003)(396003)(39850400004)(366004)(451199021)(5660300002)(52536014)(8936002)(8676002)(33656002)(83380400001)(40140700001)(2906002)(186003)(122000001)(38100700002)(38070700005)(86362001)(55016003)(6506007)(26005)(9686003)(966005)(71200400001)(316002)(6916009)(76116006)(66946007)(66556008)(66476007)(66446008)(64756008)(478600001)(66899021)(41300700001)(7696005)(1406899024);
DIR:OUT; SFP:1101
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR07MB4131
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: rocketsoftware.com
Content-Language: zh-CN
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b:0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: BN8NAM11FT103.eop-nam11.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 1af3592f-7298-4dd5-fe49-08db5a99cc42
X-LD-Processed: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b,ExtAddr
X-MS-Exchange-AtpMessageProperties: SA
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 1cMAvsHiKy3aqQCjYpBX24BSXBw4lXSx7X4fZdA3FUHEftiCfSvg1jn2whhg0TgyyaisMvJ9Dnu8vgWSGhKCPXuQWIkuKs4y+BSiTqsBcTukJmAq54Ol1AahG3kBPaa0GYbMZ8GSBFLf4mmRklHcVjFUqOQWuI1U1JCbwOM4gTvYTDafGoRQUK0DgnAdg8rdDcHh8gMWRccsh9/NwqT/arHM4fGb/ZYfpLiwQyjyDClcRvMtOigIAEYEFN4V/bmRt65CX1A1yjHOrFDls1l/pfEI1pLljz/jTVQhztQxMfqO4iIu47gY8IINDJGt9CbS5nfiiwk613Yti1DwsINyb4crInKSYdr/yehqa7NdAr7zeiBi2+OJ8r93i+uK1BTBX5/vfpDSRaGxgLEEI4C1GlepUjrO62qjjOeTbMZc+zdLfDLBlaXtEOWnlupPTQXzK4FoxHLO+I2O9T4kVkuptL7CV/St5E3zpIUZGL7FfxBF6vZ736YA7NOx9/yG4yRqeVLJYGHtUvdhqYWAyzduwmUJRWkwpCIolFF98jVTwjBlMNm4g39zHsN4X66eOf0mvHFLRfusrRnIBrPukdULvY7bUioFdugJyg+tix3D7ZgEcGfgKhdu+PmciaWES19bwUGOHxfSfI7YGLkIWK5vrMgfpeyM4HTV0aqEb7UyO3s=
X-Forefront-Antispam-Report: CIP:170.10.133.127; CTRY:US; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM; H:us-smtp-delivery-127.mimecast.com;
PTR:us-smtp-delivery-127.mimecast.com; CAT:NONE;
SFS:(13230028)(4636009)(396003)(39860400002)(136003)(376002)(346002)(451199021)(786003)(316002)(33656002)(86362001)(26005)(9686003)(6506007)(40140700001)(2906002)(966005)(8676002)(6862004)(55016003)(5660300002)(52536014)(7696005)(498600001)(356005)(7596003)(7636003)(336012)(66899021)(70586007)(68406010)(83380400001)(1406899024);
DIR:OUT; SFP:1102;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 May 2023 07:54:45.5160 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 7ac4d88b-d18d-4158-168c-08db5a99cf33
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT103.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR01MB5222
X-OriginatorOrg: mitprod.onmicrosoft.com
X-Content-Filtered-By: Mailman/MimeDel 2.1.34
X-BeenThere: kerberos@mit.edu
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Unsubscribe: <https://mailman.mit.edu/mailman/options/kerberos>,
<mailto:kerberos-request@mit.edu?subject=unsubscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos/>
List-Post: <mailto:kerberos@mit.edu>
List-Help: <mailto:kerberos-request@mit.edu?subject=help>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request@mit.edu?subject=subscribe>
X-Mailman-Original-Message-ID: <MN2PR07MB65925B3CD050326D613496D5B6439@MN2PR07MB6592.namprd07.prod.outlook.com>
 by: Zhenlong Hou - Mon, 22 May 2023 07:54 UTC

Hello everyone

I want to use Windows client/server + MIT Kerberos & OpenLadp to implement SSO authentication.
On the application server side, I use LsaLogonUser() to ask for a Network style logon through S4U Kerb extension.
But the LsaLogonUser() failed.
According to the KDC Server's log, there is a error "LOOKING_UP_SERVER: authtime 0, host/sample.com@SAMPLE.COM for host\/sample.com@SAMPLE.COM, Server not found in Kerberos database" in TGS_REQ.
According to the application server's log, the sname-string is 1 item and SNameString is host/sample.com in req-body of tgs-req.
I think the sname-string should be 2 items and SNameString are host and sample.com.

My question is the S4U in windows can't implement SSO authentication with MIT Kerberos & OpenLadp?
Or I mistaken about some configuration on Windows side or on MIT Kerberos & OpenLadp side?

Thanks in advance
Chris

===============================Rocket Software, Inc. and subsidiaries ? 77 Fourth Avenue, Waltham MA 02451 ? Main Office Toll Free Number: +1 855.577.4323
Contact Customer Support: https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport
Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - http://www.rocketsoftware.com/manage-your-email-preferences
Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy
===============================
This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you.

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor