[Samba] Configure usage of MS Kerberos

Seppel cw-news at gmx.de
Sun Jan 11 11:50:08 GMT 2009


Hi,

I would like to use Microsoft Kerberos tickets on CentOS 5 for
authentication for some applications, LDAP FDS for example.

For that I have to add some SPNs to Active Directory, and afterwards
export them to a local keytab.

---------

kadmin -q "add_principal -randkey  ldap/${INSTANCE}.${fully-qualified-domain}"

Then, export that key to a keytab file. If you've deployed other 
services which also authenticate users using Kerberos on the same 
system, it's recommended that you give each one its own keytab file.

kadmin -q "ktadd -k  /etc/dirsrv/slapd-${INSTANCE}/${INSTANCE}.keytab ldap/${INSTANCE}.${fully-qualified-domain}"

------------


My Kerberos integration has been done. net join, net testjoin, and kinit
work.

My problem at the moment is the kadmin command for adding and exporting the
UPN. I always get the following errors.


----
 kadmin -k
Authenticating as principal host/wg-centos-fds1.xxx.xxx at XXX.XXX with 
default keytab.
kadmin: Database error! Required KADM5 principal missing while 
initializing kadmin interface
----

My main question: is it possible to use kadmin to add/modify/export
UPNs/SPNs in an Active Directory?

Are there other Linux tools to do that?

thanks for any help
best regards

seppel

