Kerberos cross-realm with AD
Jean-Yves Avenard
jyavenard at gmail.com
Tue Feb  8 00:49:06 EST 2011

Hi there,
Interestingly, I have now reverted to Kerberos 1.7 (I had avoided
upgrading to 1.8 earlier as I couldn't make it work when both 1.7 and
1.6 worked just fine. 1.9 seemed to have worked all fine until now).
Downgrading to 1.7 and my cross-realm issues are gone; the only problem
now is that I see in the log:
[Tue Feb 08 16:45:00 2011] [notice] [client 1.2.3.4]
krb5_aname_to_localname() found no mapping for principal
jean-yves.avenard at MEL.DOMAIN.COM
I added in the krb5.conf:
[realms]
 M.DOMAIN.COM = {
  kdc = m.domain.com
  admin_server = m.domain.com
  default_domain = m.domain.com
 }
 MEL.DOMAIN.COM = {
  kdc = ad.domain.com
  admin_server = ad.domain.com
  default_domain = ad.domain.com
  auth_to_local = RULE:[1:$1@$0](.*@.*DOMAIN\.COM$)s/@.*//
 }
from what I could read in the documentation, but this still doesn't work.
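
Added example (not part of the original post, and not MIT krb5 code): a small Python model of how an auth_to_local RULE of the form [n:format](regexp)s/pattern/replacement/ is evaluated, run on the rule and principal from the message above. The names apply_rule, first_mapping and STRICT_RULE and every principal other than the one in the log are constructed for illustration, and Python's re module stands in for the POSIX regular expressions the library uses.

```python
import re

# Rule copied from the post; STRICT_RULE is a constructed variant pinned to one realm.
POST_RULE = r"RULE:[1:$1@$0](.*@.*DOMAIN\.COM$)s/@.*//"
STRICT_RULE = r"RULE:[1:$1@$0](.*@MEL\.DOMAIN\.COM)s/@.*//"

RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\]"          # [n:format]
    r"(?:\((.*)\))?"                    # optional (regexp)
    r"(?:s/([^/]*)/([^/]*)/(g?))?"      # optional s/pattern/replacement/[g]
)

def apply_rule(rule, principal):
    """Return the local name a RULE yields for principal, or None if it does not apply."""
    parsed = RULE_RE.fullmatch(rule)
    if parsed is None:
        raise ValueError("unsupported rule syntax: " + rule)
    n, fmt, regexp, pat, repl, flag = parsed.groups()

    # Split off the realm at the last '@'; escaped separators are not handled here.
    name, _, realm = principal.rpartition("@")
    parts = [realm] + name.split("/")       # $0 = realm, $1.. = components
    if len(parts) - 1 != int(n):
        return None                         # wrong number of components

    refs = [int(d) for d in re.findall(r"\$(\d)", fmt)]
    if any(i >= len(parts) for i in refs):
        return None
    selected = re.sub(r"\$(\d)", lambda m: parts[int(m.group(1))], fmt)

    # The selection string must match the regexp in full for the rule to apply.
    if regexp is not None and re.fullmatch(regexp, selected) is None:
        return None
    if pat is None:
        return selected
    count = 0 if flag == "g" else 1         # without g, only the first match is replaced
    return re.sub(pat, lambda m: repl, selected, count=count)

def first_mapping(rules, principal):
    """Rules are tried in order; the first one that applies wins."""
    for rule in rules:
        local = apply_rule(rule, principal)
        if local is not None:
            return local
    return None
```

MIT krb5 looks up auth_to_local under the [realms] entry for the host's default realm, so a rule is only consulted when it sits in that stanza. The pattern .*DOMAIN\.COM$ in the posted rule accepts any realm name ending in DOMAIN.COM, which is why the constructed STRICT_RULE names the realm in full.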
    
    