[Samba] krb5 + samba config
Dieter Kluenter
dieter at dkluenter.de
Tue Feb 11 20:40:26 GMT 2003
Hi,
Peter Schüller <peter.schuller at infidyne.com> writes:
> [If you get this twice, ignore it. I had E-Mail MUA difficulties. ]
>
> Hello,
>
>> my W2K clients and users are authenticated by a native MIT Kerberos-V5
>> KDC, that is they get tickets and TGT, while user data are stored in
>
> I'm afraid I can't help you with your problem, but I was wondering if you
> could point me in the right direction as to how to make a Win2K client
> authenticate against a Kerberos KDC/realm?
>
> I've found some very-verbose-but-not-really-helpful documentation on
> Microsoft's site, but I still haven't figured out how to simply tell it "yes,
> authenticate using kerberos, and use this KDC".
It is quite simple, actually :-)
Prior to prepare your w2k workstations, you should have created
principals for your users and hosts on your KDC, see MIT Kerberos
Install Guide on how to do this.
On your W2K-System-CD, change to directory \support\tools\ and run
setup.exe, this will install beside other tools the utility "Ksetup".
Run fro the W2K command line
C:> Ksetup /setdomain YOUR.REALM.TLD
C:> Ksetup /addkdc YOUR.REALM.TLD your.kdc.server.tld
C:> Ksetup /mapuser user at YOUR.REALM.TLD <group> C:>Ksetup /mapuser **
If you have created a password for your host principal run additonally
C:> Ksetup /setmachpassword <password>
Finally run
C:> Ksetup without any further arguements to see if all is properly
setup.
Restart your workstation and you will have the choice either to login
on your local machine or to your KDC.
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter at schevolution.com
http://www.schevolution.com/tour
More information about the samba
mailing list