[31202] in Kerberos
Re: cross-realm authentication problem
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?Bj=F8rn_Tore_Sund?=)
Sat May 30 18:35:29 2009
Message-ID: <4A21B45E.8050804@it.uib.no>
Date: Sun, 31 May 2009 00:34:06 +0200
From: =?ISO-8859-1?Q?Bj=F8rn_Tore_Sund?= <bjorn.sund@it.uib.no>
MIME-Version: 1.0
To: "Christopher D. Clausen" <cclausen@acm.org>
In-Reply-To: <3D5587AF530A4D9988E743A1472EC005@CDCHOME>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Christopher D. Clausen wrote:
> Bjørn Tore Sund <bjorn.sund@it.uib.no> wrote:
>> I'd like to thank Douglas Engert, Christopher Clausen and Guillaume
>> Rosse for the help with this matter. Netdom.exe was indeed the
>> answer, and as I was pestering our main AD honcho on the matter he
>> started to remember (I still don't...) that I'd pulled up that
>> command to him before - and the RHEL4 server where everything was
>> working had indeed at some vague past point in time been added as a
>> trusted server in AD.
>
> Can you let us know what exact command you actually ran that worked?
Since we don't have a separate dns domain for different OSes, only
different Kerberos realms, we need to map each server separately:
netdom.exe trust UIB.NO /domain:UNIX.UIB.NO /addtln:servername.fqdn
Knowing what to google for helps, this question has appeared again and
again over the years on this mailing list.
http://mailman.mit.edu/pipermail/kerberos/2005-September/008497.html is
detailed and gives a good run-through.
-BT
--
Bjørn Tore Sund Phone: 555-84894 Email: bjorn.sund@it.uib.no
IT department VIP: 81724 Support: http://bs.uib.no
Univ. of Bergen
When in fear and when in doubt, run in circles, scream and shout.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
