[31497] in Kerberos
Re: Trust between AD and MIT Kerberos
daemon@ATHENA.MIT.EDU (Markus Moeller)
Tue Sep 22 17:08:40 2009
From: "Markus Moeller" <huaraz@moeller.plus.com>
In-Reply-To: <mailman.20.1253609653.18120.kerberos@mit.edu>
Date: Tue, 22 Sep 2009 21:48:01 +0100
MIME-Version: 1.0
Message-ID: <39ydnT8l-eaapSTXnZ2dnUVZ8lCdnZ2d@brightview.co.uk>
To: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Do you look for something like ?
netdom trust WINDOWS2003.HOME /domain:SUSE.HOME /addtln:suse.home
This tells the w2k3 domain WINDOWS2003.HOME that hosts with in the domain suse.home belong to the MIT domain SUSE.HOME
Markus
"Mikkel Kruse Johnsen" <mikkel@linet.dk> wrote in message news:mailman.20.1253609653.18120.kerberos@mit.edu...> Hi All>> I have a trust between my Windows 2003 AD (HHK.DK) and my RHEL5 MIT> Kerberos (CBS.DK).>> On the Windows machines I have:>> HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\CBS.DK> KdcNames: kdc1.cbs.dk kdc2.cbs.dk>>> Adding "HTTP/od.cbs.dk@CBS.DK" to my CBS.DK and using mod_auth_kerb in> Apache. SSO worked on both Windows and Linux clients with HHK.DK tokens.>> In my log file "/var/log/krb5kdc.log" I could see that a lot of request> came from windows machines.>>> Now the IT department created a UPN suffix on the AD called CBS.DK and> SSO stopped working on Windows clients. The request in> "/var/log/krb5kdc.log" stopped.>> We removing the UPN suffix from the AD, but Windows clients is not> working and the request to "/var/log/krb5kdc.log" do not happen anymore.> Everything is fine on Linux.>> It seems that Windows clients no longer uses the "HKLM\SYSTEM> \CurrentControlSet\Control\Lsa\Kerberos\Domains\CBS.DK" in the reg.>> Have been searching the net for month now. Anyone has any ideas what is> wrong ?>> Is there a way to map domain to realms in Windows like [domain_realm] in> krb5.conf ?>>> Med Venlig Hilsen / Kind Regards>>>>> Mikkel Kruse> Johnsen> Adm.Dir.>> Linet> Ørholmgade 6 st tv> Copenhagen N 2200> Denmark>> Work: +45> 21287793> Mobile: +45> 21287793> Email:> mikkel@linet.dk> IM:> mikkel@linet.dk> (MSN)> Professional> Profile> Healthcare>>> Network> Consultant>
________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
