[30983] in Kerberos
RE: Aqcuiring a TGT for a host/ principal using Active Directory
daemon@ATHENA.MIT.EDU (John Hefferman)
Wed Apr 8 12:56:31 2009
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Date: Wed, 8 Apr 2009 18:54:26 +0200
Message-ID: <5DEBEADA3C05964F9A8D57D1B4DE467D02EA4A07@cernxchg42.cern.ch>
In-Reply-To: <a64bf030904080917q69a6ebffla0802679da50f453@mail.gmail.com>
From: John Hefferman <john.hefferman@cern.ch>
To: Javier Palacios <javiplx@gmail.com>,
"Wilper, Ross A"
<rwilper@stanford.edu>, manu <emmanuel.bouillon@cea.fr>,
Nikhil Mishra
<ls.niks@gmail.com>,
Srinivas Cheruku <srinivas.cheruku@gmail.com>, <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Dear All,
The problem was definitely related to the bug with SP1, as after
applying the hotfix and specifying +DesOnly when running ktpass, kinit
-kt works fine.
Thank you all for your time and the information,
John
-----Original Message-----
From: Javier Palacios [mailto:javiplx@gmail.com]
Sent: 08 April 2009 18:18
To: John Hefferman
Cc: kerberos@mit.edu
Subject: Re: Aqcuiring a TGT for a host/ principal using Active
Directory
On Wed, Apr 8, 2009 at 11:52 AM, John Hefferman <john.hefferman@cern.ch>
wrote:
> The problem I am experiencing, is that I can't seem to 'kinit -k'
using
> an spn of an instance type such as host/ when using an AD domain
> controller.
>
> The procedure is as follows:
> - I create a new account in active directory, such as 'computerA'
> - I run ktpass (or msktutil) to associate a host/ principal name with
> this account (host/computerA.fqdn@REALM) and create a keytab
You can try to install samba at the unix server, configure for
kerberos security and join it to the domain, an also try with
css_adkadmin.
Javier Palacios
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
