jouell

Asked: 2018-06-03 15:27:54 +0800 CST2018-06-03 15:27:54 +0800 CST 2018-06-03 15:27:54 +0800 CST

IE 10 not authenticating Cross Realm (Window AD to Unix/MIT Kerberos) via SPNego

Setup:

Domain1 - Win Server 2016 DC - PATRICA.COM
Win 7 Client is joined to Domain 1 - viewing shares on the DC work fine. www.thomas.com is added to 'local network' in IE 10
Domain2 - MIT Kerberos KDC - THOMAS.COM
Apache WWW/Mod_auth_kerb - keytabs for HTTP/[email protected] and other relevant forms.
Unix/Ubuntu client

All on 192.168.0.X - test network.

Two-way transitive trust setup w/same password.

The unix client can make a kerberized connection OK to WWW.

The windows client does not seem to lookup how to find THOMAS.COM. It looks up it's DNS name and does get a 401 Negoatiate back from the WWW server and then tries ntlm. I've tried running "ksetup /addkdc REALM IP" on both the windows client and the win 2016 DC. How does the client figure out www.thomas.com is part of THOMAS.COM?

IE 10 not authenticating Cross Realm (Window AD to Unix/MIT Kerberos) via SPNego

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

IE 10 not authenticating Cross Realm (Window AD to Unix/MIT Kerberos) via SPNego

0 Answers