Using kerberos w/o binding to active directory

David Carlin dcarlin3 at
Wed Feb 16 10:21:52 EST 2005

Jeffrey Altman wrote:

> The user should then be able to browse with explorer and as long as they
> use their full User Principal Name as known to the Active Directory 
> domain, they will be able to access the shares.

The active directory domain name is ADS.  The Kerberos Realm is 
INS.CWRU.EDU... I've tried ADS\Username, INS.CWRU.EDU\Username, 
Username at INS.CWRU.EDU, none of them work.

> The users should also be able to start a cmd.exe session with the "Run 
> As" option and log into the local machine using their Active Directory 
> User Principal Name provided that they establish an account mapping.

When I select 'Run As.' on cmd.exe it gives me an error "There are 
currently no logon servers available to service the logon request." when 
I try to login with INS.CWRU.EDU.  But, if I put in FOO.CWRU.EDU (which 
doesn't exist), I get the same error, so I don't want to read into that 
error message too much.

Another bit of information.. All DCs are Windows 2003 running in Server 
2003 mode.

Thanks for your help!

More information about the Kerberos mailing list