Using kerberos w/o binding to active directory
Jeffrey Altman
jaltman2 at nyc.rr.com
Wed Feb 16 09:04:32 EST 2005
David Carlin wrote:
> Berkeley has a set of instructions for their students to do this. Their
> AD also uses Kerberos for authentication:
>
> http://calnetad.berkeley.edu/documentation/interoperability/#item1
>
> It seems to have the students install a .reg file which has the same
> effect as running the neccessary ksetup.exe commands. I have tried
> using this method to no avail - creating an analogous registry file by
> copying those keys from a working machine on the active directory.
The directions from Berkeley are correct except that if they are running
Win2000 then the machine requires a reboot after the .reg file is
imported.
The user should then be able to browse with explorer and as long as they
use their full User Principal Name as known to the Active Directory
domain, they will be able to access the shares.
The users should also be able to start a cmd.exe session with the "Run
As" option and log into the local machine using their Active Directory
User Principal Name provided that they establish an account mapping.
Are you sure your users are using the full UPN and not just the first
component?
Jeffrey Altman
More information about the Kerberos
mailing list