cross-realm authentication problem
Bjørn Tore Sund
bjorn.sund at it.uib.no
Sat May 30 18:34:06 EDT 2009
Christopher D. Clausen wrote:
> Bjørn Tore Sund <bjorn.sund at it.uib.no> wrote:
>> I'd like to thank Douglas Engert, Christopher Clausen and Guillaume
>> Rosse for the help with this matter. Netdom.exe was indeed the
>> answer, and as I was pestering our main AD honcho on the matter he
>> started to remember (I still don't...) that I'd pulled up that
>> command to him before - and the RHEL4 server where everything was
>> working had indeed at some vague past point in time been added as a
>> trusted server in AD.
>
> Can you let us know what exact command you actually ran that worked?
Since we don't have a separate dns domain for different OSes, only
different Kerberos realms, we need to map each server separately:
netdom.exe trust UIB.NO /domain:UNIX.UIB.NO /addtln:servername.fqdn
Knowing what to google for helps, this question has appeared again and
again over the years on this mailing list.
http://mailman.mit.edu/pipermail/kerberos/2005-September/008497.html is
detailed and gives a good run-through.
-BT
--
Bjørn Tore Sund Phone: 555-84894 Email: bjorn.sund at it.uib.no
IT department VIP: 81724 Support: http://bs.uib.no
Univ. of Bergen
When in fear and when in doubt, run in circles, scream and shout.
More information about the Kerberos
mailing list