Win logon to a MIT Kerberos V KDC?
Turbo Fredriksson
turbo at bayour.com
Thu Oct 3 07:22:37 EDT 2002
>>>>> "Tony" == Tony Hoyle <tmh at nodomain.org> writes:
Tony> Already done that. The system clock on Windows is correct
Tony> (to the nearest second). The windows kerberos clock is
Tony> incorrect. How do I make them equal?
To my knowledge (I also think I've read something about that on
some site I was looking through when I tried to get this to work
last week) Kerberos is using the system clock.
Now, I also remember that I got the same problem as you, but it
still works for me...
I'm reinstalling (for the n:th time to verify my documentation)
so I'll see if I get the same problem, but I don't think I will.
Last time I installed, this is what I did (it worked then, but
I'm setting up a demo machine which will have 6 OS'es that work
with Kerberos/AFS on it) to get W2k authenticated against my MIT
Kerberos V KDC:
1. Installed W2k Pro
2. Installed SP3
a. Auth to non-M$ KDC requires SP2 or greater!
SP3 is the latest from M$.
3. Executed the 'ksetup.exe' commands
a. ksetup /SetRealm MYREALM.TLD
b. ksetup /AddKdc MYREALM.TLD kerberos1.domain.tld
c. ksetup /AddKpasswd MYREALM.TLD kerberos1.domain.tld
d. ksetup /MapUser * *
e. ksetup /SetComputerPassword secretpw
4. Setup & Start w32time
a. net time /setsntp:fartein.ifi.uio.no
b. net start w32time
c. Setup w32time to start auto, not manually
5. Installed OpenAFS client
a. OpenAFS_Client_126.exe
That's the steps, in detail. Nothing forgotten, nothing hidden. Exept for
the occational reboots that's needed :). Works for me!
More information about the Kerberos
mailing list