Essential Authentication Information

We recommend that users install the MapPsuSpace program because it makes connecting to the UDrive and PASS space much easier.

If you do not wish to install that program, or you rather not map the UDrive as a letter but instead use the "UNC" directly, a "reg" file to set the registry is in this zip file if you have XP (see below for Windows 2000).  The contents of that file are:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Control\Lsa\Kerberos\Domains\dce.psu.edu]
"RealmFlags"=dword:00000008

A reboot is needed after making this registry change.  A HostToRealm key was added on 3/3/08 for Vista SP1, but removed later when server patches made it unnecessary.

Windows 2000

Windows 2000 computers need an additional registry setting to specify the "KDC" servers.   Please download this zip file instead of the one above and launch the reg file in it to do that.  It will create a binary value "KdcNames" with the names of the servers.   With Windows 2000 you probably have to reboot after setting that.

Windows 7

Besides the Kerberos domain key dce.psu.edu shown above, Windows 7 needs to be configured to allow two types of Kerberos encryption, one for the PASS space and one for the UDrive.   You can set these either from the Local Security Policy utility or adding a single registry entry.

The registry entry is:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Policies\System\Kerberos\Parameters]
"SupportedEncryptionTypes"=dword:0000001D

You may download this zip file to set that and the dce.psu.edu realm described above.   After launching the reg file in the zip, it looks like you don't have to reboot or anything; you should be able to connect to both PASS and UDrive.

Alternatively, you can open the Local Security Policy snap-in from the Administrative Tools menu (which by default isn't on the start menu; right-click the start button, pick properties, then Sart Menu tab, then Customize button, then scroll the options to near the bottom where you should find the "System administrative tools").   From the Local Security Policy window, under Security Settings, then Local Policies, then Secuirty Options, scroll the policy list until you find "Network security: Configure encryption types allowed for Kerberos".  Double-click that and check DES_CBC_CRC (for PASS) and RC4_HMAC_MD5 (for UDrive).  You may wish to check all the encryption types to avoid problems later.  For example, AES256_HMAC_SHA1 was found to be needed for RDP to a Windows Server 2008 computer.  (11/16 09: reg file changed to use 1D for Supported EncryptionTypes, to include DES_CBC_CRC, RC4_HMAC_MD5, AES128_HMAC_SHA1 and AES256_HMAC_SHA1.).

Network Drives

Network Path Description
\\udrive.win.psu.edu\users Primary connection for user files
\\ubackup.win.psu.edu\users Online mirror; connect to this to get back a file from yesterday or the past 30 days

Note the "back-slashes" (\), not "forward-slashes" (/), which don't work.

Content Tagging: 

Last Updated January 27, 2011