samba keytab support for AD and kinit -k
Luke Howard
lukeh at padl.com
Mon Nov 29 05:51:08 GMT 2004
> Rakesh> The issue is that in the Windows KDC, an SPN can not be
> Rakesh> used as a "user" for authentication and computers normally
> Rakesh> do not contain a UPN entry.
>
>That is not my understanding of the Microsoft KDC architecture. This
>claim also goes against interoperability tests I have conducted with
>Microsoft.
If I remember correctly, Rakesh is right. To do an AS-REQ you must
use the UPN or the SAM account name (regardless of the account type).
>Samba's handling of short names and Kerberos principals seems
>different than the Microsoft tools and tends to work much less of the
>time. IT would be great to see it more consistent with the Windows
>domain join procedure.
There are a bunch of fixes in 3.0.9, YMMV.
-- Luke
--
More information about the samba-technical
mailing list