Using kerberos w/o binding to active directory

Jeffrey Altman jaltman2 at
Wed Feb 16 09:04:32 EST 2005

David Carlin wrote:

> Berkeley has a set of instructions for their students to do this.  Their 
> AD also uses Kerberos for authentication:
> It seems to have the students install a .reg file which has the same 
> effect as running the neccessary ksetup.exe commands.  I have tried 
> using this method to no avail - creating an analogous registry file by 
> copying those keys from a working machine on the active directory.

The directions from Berkeley are correct except that if they are running
Win2000 then the machine requires a reboot after the .reg file is 

The user should then be able to browse with explorer and as long as they
use their full User Principal Name as known to the Active Directory 
domain, they will be able to access the shares.

The users should also be able to start a cmd.exe session with the "Run 
As" option and log into the local machine using their Active Directory 
User Principal Name provided that they establish an account mapping.

Are you sure your users are using the full UPN and not just the first

Jeffrey Altman

More information about the Kerberos mailing list