[31088] in Kerberos


Re: kerberos tickets and the SPNs

daemon@ATHENA.MIT.EDU (Markus Moeller)
Fri May 8 17:35:43 2009

Message-ID: <A2C7F2C7C9E74C13A219123500EBCC93@VAIOLaptop>
From: "Markus Moeller" <huaraz@moeller.plus.com>
To: "Ravi Channavajhala" <ravi.channavajhala@dciera.com>,
   "Douglas E. Engert" <deengert@anl.gov>
In-Reply-To: <73739dc10905081259l467ed5b9u36be3e8004e4b3c5@mail.gmail.com>
Date: Fri, 8 May 2009 22:34:22 +0100
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu


I also use msktutil, and you can find it here:
http://dag.wieers.com/rpm/packages/msktutil/

You can also use setspn -A host/fqdn in lowercase instead of setspn -R.

BTW the original netjoin tool from MS used computer accounts, not user 
accounts.
http://msdn.microsoft.com/en-us/library/ms808911.aspx
http://download.microsoft.com/download/win2000pro/2kkerb2/1.0/nt5/en-us/ad-unix.exe 
I don't know why they changed their mind.

Markus

----- Original Message ----- 
From: "Ravi Channavajhala" <ravi.channavajhala@dciera.com>
To: "Douglas E. Engert" <deengert@anl.gov>
Cc: "Markus Moeller" <huaraz@moeller.plus.com>; <kerberos@mit.edu>
Sent: Friday, May 08, 2009 8:59 PM
Subject: Re: kerberos tickets and the SPNs


Don't agree here.  Natively adding a computer to AD and checking with
setspn -L didn't show any SPNs.  Resetting the SPNs with setspn -R
creates two entries:

HOST/HOSTNAME$
HOST/HOSTNAME$.SHORTFORM DOMAIN

Both are incorrect....

The point is, I can manipulate SPNs to no end, but obviously no
success with Kerberos. My real issue is Kerberos flip-flopping with
'Server not found in Database' to 'Keytable entry incorrect Key
version'.


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
