w2k client login to kerberos realm
Brian Thompson
brianpm at ghidra.eng.wayne.edu
Sun Nov 10 16:36:39 EST 2002
Hi all, I'm having a problem logging into a
non-windows kerberos realm from a w2k
workstation. The same realm username/password
works fine on the AD server due to a trust
and the w2k workstation can log in using
either a local account or an AD domain account.
The non-windows realm is on the domain pull-down
on the w2k workstation but logins don't work
unless I create a local account on the w2k
workstation with the same name as the kerberos
username. If I delete the local account it
doesn't work. There is an account in the AD
server with the same username which is the
proxy account that I really want to use.
Without the local account, I get two different
symptoms depending on whether or not I have
a "ksetup /mapuser * *" defined on the w2k
workstation. If username mapping is defined, I
get an error message about not being able to
map a SID to the username. If username mapping
isn't defined, I get the regular failed login
message.
Any assistance would be greatly appreciated!
Thanks,
Brian
More information about the Kerberos
mailing list