net ads join <-> cross realm trust

Gerald (Jerry) Carter jerry at samba.org
Fri Aug 10 03:29:51 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Miguel Sanders wrote:
> Jerry
>  
> What I would like to see is the following:
> Now (using net ads join) I can see in kerbtray that a host and cifs
> service ticket are issued with the following form:
>      host/FQDN at WINDOWSDOMAIN <mailto:host/FQDN at WINDOWSDOMAIN> (in which
> FQDN is the fully qualified DNS name of the UNIX machine
>     cifs/FQDN at WINDOWSDOMAIN <mailto:cifs/FQDN at WINDOWSDOMAIN>
>  
> I would like to see that a host/FQDN at MIT <mailto:host/FQDN at MIT> and
> cifs/FQDN at MIT <mailto:cifs/FQDN at MIT> service ticket is issued by the
> cross realm since are UNIX principals are gathered in the MIT realm.

Then join the Samba box to you own MIT realm.  Create you own
keytab file.  But this is not the purpose of 'net ads join' which
joins the Samba host to the AD domain.  What you want is to
join the MIT realm.






cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGu9uvIR7qMdg1EfYRAlIGAKCQul1gw0D530ZR6RsOwtHAn5nO8ACgiWds
kLVysrVdjQTOM0Eqnxu/9dw=
=Bwm2
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list