It works fine in a copy of Ubuntu running in Linux for Windows on the same Windows 10 machine.
> On Nov 3, 2017, at 9:53 AM, Charles Hedrick <hedr...@rutgers.edu> wrote: > > Here’s the conversation using tcpdump on the proxy server. The connection > opens, no data is sent in either direction, and KfW closes it. > > In case it matters, KfW is running in Windows 10 Fall Creator’s Update in a > VM on a Mac. > > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on ens32, link-type EN10MB (Ethernet), capture size 262144 bytes > 09:48:51.655867 IP heidelberg.cs.rutgers.edu.64543 > > services.cs.rutgers.edu.https: Flags [S], seq 1112026556, win 65535, options > [mss 1460,nop,wscale 5,nop,nop,TS val 348866560 ecr 0,sackOK,eol], length 0 > 09:48:51.655986 IP services.cs.rutgers.edu.https > > heidelberg.cs.rutgers.edu.64543: Flags [S.], seq 990987710, ack 1112026557, > win 28960, options [mss 1460,sackOK,TS val 32546177 ecr 348866560,nop,wscale > 7], length 0 > 09:48:51.656291 IP heidelberg.cs.rutgers.edu.64543 > > services.cs.rutgers.edu.https: Flags [.], ack 1, win 4117, options > [nop,nop,TS val 348866560 ecr 32546177], length 0 > 09:48:51.656783 IP heidelberg.cs.rutgers.edu.64543 > > services.cs.rutgers.edu.https: Flags [F.], seq 1, ack 1, win 4117, options > [nop,nop,TS val 348866560 ecr 32546177], length 0 > 09:48:51.657145 IP services.cs.rutgers.edu.https > > heidelberg.cs.rutgers.edu.64543: Flags [F.], seq 1, ack 2, win 227, options > [nop,nop,TS val 32546178 ecr 348866560], length 0 > 09:48:51.657401 IP heidelberg.cs.rutgers.edu.64543 > > services.cs.rutgers.edu.https: Flags [.], ack 2, win 4117, options > [nop,nop,TS val 348866561 ecr 32546178], length 0 > > >> On Nov 3, 2017, at 9:30 AM, Charles Hedrick <hedr...@rutgers.edu> wrote: >> >> I’m using KfW 4.1. Since there’s no documentation on krb5.ini, I used the >> same syntax as for krb5.conf >> >> kdc = >> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fservices.cs.rutgers.edu%2FKdcProxy&data=02%7C01%7Chedrick%40rutgers.edu%7Cc5a5c58bfd4c4b5356c508d522bf5ffa%7Cb92d2b234d35447093ff69aca6632ffe%7C1%7C0%7C636453127701447995&sdata=BfTwuAAxnIuu1H0RpVWLHcdUIC%2FE7th8V5Gjf0EMg8g%3D&reserved=0 >> >> I’m not using http_anchor, since we have a commercial cert, and other >> implementations don’t need us to specify a CA cert. >> >> The error message says no kdc is reachable. >> >> On Nov 2, 2017, at 7:33 PM, Benjamin Kaduk >> <ka...@mit.edu<mailto:ka...@mit.edu>> wrote: >> >> On Wed, Nov 01, 2017 at 10:30:36PM +0000, Charles Hedrick wrote: >> >> I’ll try agian. Also KfW doesn’t seem to implement kdc proxy. I’d prefer not >> to open my kdc to the world. I’m currrently using the Proxy for home use. >> >> Hmm, could you say a bit more about what version of KfW you're using and >> how you've tried to configure MS-KKDCP? From the release notes, at least, >> it seems that KfW 4.1 should have this support available in some form. >> >> -Ben >> >> ________________________________________________ >> Kerberos mailing list Kerberos@mit.edu >> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailman.mit.edu%2Fmailman%2Flistinfo%2Fkerberos&data=02%7C01%7Chedrick%40rutgers.edu%7Cc5a5c58bfd4c4b5356c508d522bf5ffa%7Cb92d2b234d35447093ff69aca6632ffe%7C1%7C0%7C636453127701447995&sdata=KYGuhWAWrMMoTNtVLcDUzAEXQ46wZFJqi7z1c4S%2FIgc%3D&reserved=0 > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
