Thanks for replying. But my service was Cifs and my client is running as a virtual machine (fedora) in a virtual box installed in a Windows 7 machine. And the SPNs were also registered correctly for the domain
account. I am getting the service ticket, but the ticket was encrypted using domain account password hash . When I give this ticket to the application server in a Session setup Andx request , I am getting the error as
KRB5KRB_AP_ERR_MODIFIED. This is actually a delegation concept where the delegated user will get the service ticket for some other user X, so this is actually failing. But normal standalone user is works fine. My
client was a linux box. Finally AD and Application server are on the same machine and every one are VM's . My scenario is different where every one explains about http request to iis server and from iis server cifs
request to the app server. Can you please explain where I went wrong, regarding the server configuration for the constrained delegation in w2k3 server and the spns. the fedora machine is joined in to the domain also.
So we have 3 machines, one client , one linux box, one AD+App Server. From client to the linux box we do NTLM for the user X. From linux box delegated user login and give his credentials to the AD and get the
service ticket for the User X. Now this ticket which sent to the App server giving a reply error from host. Now every thing is a cifs service no http involved here. Please help as I tried a lot.
I registered SPN like this
setspn -a cifs/<hostname>.<domainname>.<com> <domainname>\<delegated_user>
setspn -a cifs/<hostname> <domainname>\<delegated_user>