Using kerberos w/o binding to active directory
David Carlin
dcarlin3 at yahoo.com
Wed Feb 16 10:21:52 EST 2005
Jeffrey Altman wrote:
> The user should then be able to browse with explorer and as long as they
> use their full User Principal Name as known to the Active Directory
> domain, they will be able to access the shares.
The active directory domain name is ADS. The Kerberos Realm is
INS.CWRU.EDU... I've tried ADS\Username, INS.CWRU.EDU\Username,
Username at INS.CWRU.EDU, none of them work.
> The users should also be able to start a cmd.exe session with the "Run
> As" option and log into the local machine using their Active Directory
> User Principal Name provided that they establish an account mapping.
When I select 'Run As.' on cmd.exe it gives me an error "There are
currently no logon servers available to service the logon request." when
I try to login with INS.CWRU.EDU. But, if I put in FOO.CWRU.EDU (which
doesn't exist), I get the same error, so I don't want to read into that
error message too much.
Another bit of information.. All DCs are Windows 2003 running in Server
2003 mode.
Thanks for your help!
More information about the Kerberos
mailing list