[OT]: Externalized KDC ...

Luke Howard lukeh at PADL.COM
Thu Mar 25 10:56:18 GMT 2004

Generally there are two choices: individual workstations can use
an external KDC for authentication, with the proviso that users
must have local accounts; or you can setup a cross-realm trust
between an Active Directory domain and a "MIT" Kerberos realm,
with the proviso that MIT accounts must be duplicated in Active
Directory. In either case you need some sort of password
synchronization in order for downlevel (NTLM) authentication to

("MIT" in this case is Microsoft-speak for non-Active Directory
Kerberos. You could of course use Heimdal or CyberSafe.)

-- Luke

>From: "C.Lee Taylor" <leet at leenx.co.za>
>Subject: [OT]: Externalized KDC ...
>To: samba-technical at lists.samba.org
>Date: Thu, 25 Mar 2004 11:22:23 +0200
>Greetings ...
>    A little while ago, I saw chatter about Win2K server using an 
>external KDC, is there any more information that any body could point me 
>at ...

More information about the samba-technical mailing list