SEO

Hello all,

We are trying to get our AIX 5.2-ML7 box to auth user's passwords
against one of our Windows 2003 DC's. We've followed all the
instructions for setting up Kerberos auth detailed in the IBM AIX 5L
Version 5.2 Security Guide found at:
http://publib16.boulder.ibm.com/pser...ly_load_module
The installed package for Kerberos Client software (krb5.client.rte) on
this box is level 1.4.0.1.

When we try to telnet to the box and enter a given username/password,
the system returns the message: "3004-007 You entered an invalid login
name or password." The user in question is set up locally on the box,
and set to use the value "KRB5Afiles" for the attributes "Login
AUTHENTICATION GRAMMAR", and "Password REGISTRY", and the "PRIMARY
authentication method" is set to "SYSTEM". When we look at the Security
logs on the Win2003 DC, it does have a Success Audit entry (event ID
672) of Authentication Ticket Granted for the user. Trying a "kinit" on
the username also seems to work (does not return an error.)

We have a support call open with IBM, and have had one tech tell us
that Kerberos authentication is not supported against a Windows 2003
server. We have since escalated the call, since we can't believe in
this day and age that this can be true, and a search of Goolge groups
turns up at least one discussion where it looks like someone has it
working against a Win2003 DC. Can anyone confirm that you can indeed do
Krb auth against a Win2003 DC?

Thanks in advance for any help provided...

Will Dennis

On 2005-12-01, WDennis <willard.dennis@gmail.com> wrote:

> working against a Win2003 DC. Can anyone confirm that you can indeed do
> Krb auth against a Win2003 DC?

<raises hand>

No problems at all authenticating AIX 5.2 and AIX 5.3 accounts against
Active Directory, Win2003-style.

I can even change my Windows-password using "passwd" on AIX. Way cool.

Perhaps the article I wrote earlier this yeas is helpful:

http://groups.google.com/group/comp....fec92e7?hl=en&

Good luck,
--
Jurjen Oskam