[Samba] Configure usage of MS Kerberos

Seppel cw-news at gmx.de
Sun Jan 11 11:50:08 GMT 2009


i would like to use on Centos 5 Microsoft kerberos tickets for  
authentication for some applications. LDAP FDS for example.

For that I have to add some spn to Active Directory. And afterwards to 
export this to local keytab.


kadmin -q "add_principal -randkey  ldap/${INSTANCE}.${fully-qualified-domain}"

Then, export that key to a keytab file. If you've deployed other 
services which also authenticate users using Kerberos on the same 
system, it's recommended that you give each one its own keytab file.

kadmin -q "ktadd -k  /etc/dirsrv/slapd-${INSTANCE}/${INSTANCE}.keytab ldap/${INSTANCE}.${fully-qualified-domain}"


My kerberos integration has beend done. net join, net testjoin, kinit 
does work.

My problem at the moment is the kadmin command for add and export the 
upn. I get always the following errors.

 kadmin -k
Authenticating as principal host/wg-centos-fds1.xxx.xxx at XXX.XXX with 
default keytab.
kadmin: Database error! Required KADM5 principal missing while 
initializing kadmin interface

My main question is it possible to use kadmin to add/modify/export 
upn/spn in a Active Directory?

Are there other linux tools to do that?

thanks for any help
best regards


More information about the samba mailing list