我正在使用 kerberos 来验证用户及其失败。事件查看器中的审核失败详细信息如下
A Kerberos authentication ticket (TGT) was requested.
Account Information:
Account Name: ax
Supplied Realm Name: TEST.COM
User ID: NULL SID
Service Information:
Service Name: krbtgt/TEST.COM
Service ID: NULL SID
Network Information:
Client Address: ::ffff:2.2.2.60
Client Port: 38532
Additional Information:
Ticket Options: 0x40800000
Result Code: 0x6
Ticket Encryption Type: 0xffffffff
Pre-Authentication Type: -
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
结果代码 0x6 表示 Kerberos 数据库中不存在该用户,但我已经在 AD 中配置了一个用户。这是 Windows Server 2008(非 R2),用户帐户名为“axtest”,用户登录名为“ax/mytest”。域名是 test.com。从wireshark,我可以看到我的客户正在发送具有正确2个名称字符串项目ax和mytest的AS-REQ。我不确定它为什么会失败。
