Samba + Kerberos backend - AD backend
kronda
kronda at atlas.cz
Tue Dec 16 13:14:28 GMT 2008
> Teach your Windows workstations about the Kerberos realm and how to
> reach the KDC. This is normally done using a utility called ksetup.exe
> (which you can find amongst the support tools on a Windows Server CD in
> the \support\tools directory):
> ksetup /addkdc YOUR.REALM kdc.example.org
> Reputedly this just sets a registry entry, so you can probably just hack
> it with regedit:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
> Control\Lsa\Kerberos\Domains\YOUR.REALM
> create a multi-string (REG_MULTI_SZ) value called "KdcNames" which
> contains the name of your KDC (or a list of KDCs if you have more than
> one).
> Reboot the Windows client.
Thanks for the answer. I've found these instructions somewhere before and I
tried that and it worked but this is exactly what I don't want to do -
special configuration of the client machines (in this case it is not joining
an AD domain but its becoming aware of a Kerberos realm which is sort of the
same). In this case, I guess, you cannot authenticate from a machine without
using (previously obtained) Kerberos ticket (i.e. by simply entering
centralized username/password).
--
View this message in context: http://www.nabble.com/Samba-%2B-Kerberos-backend---AD-backend-tp21030562p21032856.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.
More information about the samba-technical
mailing list