w2k client login to kerberos realm
Tony Hoyle
tmh at nodomain.org
Mon Nov 11 06:48:33 EST 2002
On Sun, 10 Nov 2002 13:36:39 +0000, Brian Thompson wrote:
> username. If I delete the local account it
> doesn't work. There is an account in the AD
> server with the same username which is the
> proxy account that I really want to use.
>
If you're logging into a non-Windows kerberos account there *must*
be a local account mapped so that Windows can retrieve a valid SID
for the user. When you log into Active Directory this is done
automatically (via some extra data sent from the server). Logging
into an MIT domain is the same as logging in locally except the password
authentication is done via kerberos (all other authentication eg. network
shares is done as if you had logged in locally).
Tony
More information about the Kerberos
mailing list