cross-realm authentication problem

Bjørn Tore Sund bjorn.sund at
Sat May 30 18:34:06 EDT 2009

Christopher D. Clausen wrote:
> Bjørn Tore Sund <bjorn.sund at> wrote:
>> I'd like to thank Douglas Engert, Christopher Clausen and Guillaume
>> Rosse for the help with this matter.  Netdom.exe was indeed the
>> answer, and as I was pestering our main AD honcho on the matter he
>> started to remember (I still don't...) that I'd pulled up that
>> command to him before - and the RHEL4 server where everything was
>> working had indeed at some vague past point in time been added as a
>> trusted server in AD.
> Can you let us know what exact command you actually ran that worked?

Since we don't have a separate dns domain for different OSes, only 
different Kerberos realms, we need to map each server separately:

netdom.exe trust UIB.NO /domain:UNIX.UIB.NO /addtln:servername.fqdn

Knowing what to google for helps, this question has appeared again and 
again over the years on this mailing list. is 
detailed and gives a good run-through.

Bjørn Tore Sund       Phone: 555-84894   Email:   bjorn.sund at
IT department         VIP:   81724       Support:
Univ. of Bergen

When in fear and when in doubt, run in circles, scream and shout.

More information about the Kerberos mailing list