Cannot integrate AD with krb5

steve steve at steve-ss.com
Thu Oct 24 03:50:35 EDT 2013


On Wed, 2013-10-23 at 23:45 -0700, Leo Xiao wrote:
> Dear all,
> 
> I'm trying to integrate my AD with krb5:
> 
> 1. I have an existing AD (with DNS on the same host), test1.local, on
> win2k8.
> 
> 2. I created a krb5 and bind9 on RHEL5.
> 
> 3. I want to integrate AD and krb5 by mapping AD users to Kerberos
> users. Then I can log in to my workstation with a Kerberos user.
> 
> 
Hi
The workstation (ws) will need a MACHINE$ key for the domain before
users can authenticate against your AD. The easiest way to get that is
to use winbind and set:
kerberos method = system keytab
in /etc/samba/smb.conf
The necessary keytab will then be created when you join the ws to the
domain:
net ads join -Uadmin.user
should get you there.

We did this a while ago:
http://linuxcostablanca.blogspot.com.es/2012/08/winbind-on-samba4-ii.html

You don't need Bind. Set the primary DNS on the ws to point to the IP of
test1.local. You shouldn't need to add a forwarder.
HTH
Steve
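As an added example (not code from Steve's post or from the Samba project): a small pre-join check for the workstation described above. It reads an smb.conf and a krb5.conf, confirms the `kerberos method = system keytab` setting Steve mentions, and catches a common reason `net ads join` fails, a realm in smb.conf that does not match `default_realm` in krb5.conf. File paths are parameters and the sample files are constructed; the realm TEST1.LOCAL is assumed from the original question.

```shell
#!/bin/sh
# Added example, not from the thread: pre-join sanity check for a workstation
# that will run "net ads join". It checks that smb.conf keeps the machine key
# in the system keytab and that its realm matches krb5.conf's default realm.

# Value of KEY in the [global] section of an smb.conf-style file (empty if unset).
smb_global_value() {  # $1 = file, $2 = key (case-insensitive, may contain spaces)
    awk -v key="$2" '
        /^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && /^[ \t]*[^#;]/ && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (tolower(k) == tolower(key)) {
                v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# default_realm from the [libdefaults] section of a krb5.conf-style file.
krb5_default_realm() {  # $1 = file
    awk '/^[ \t]*\[/ { l = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
         l && /^[ \t]*default_realm[ \t]*=/ { sub(/.*=[ \t]*/, ""); gsub(/[ \t]+$/, ""); print; exit }' "$1"
}

# Returns 0 when the settings look consistent, 1 otherwise (problems on stdout).
check_ads_join_prereqs() {  # $1 = smb.conf, $2 = krb5.conf
    rc=0
    method=$(smb_global_value "$1" "kerberos method")
    [ "$method" = "system keytab" ] ||
        { echo "smb.conf: want 'kerberos method = system keytab', found '${method:-unset}'"; rc=1; }
    [ "$(smb_global_value "$1" security)" = "ads" ] ||
        { echo "smb.conf: want 'security = ads' for an AD join"; rc=1; }
    realm=$(smb_global_value "$1" realm); krealm=$(krb5_default_realm "$2")
    [ -n "$realm" ] && [ "$realm" = "$krealm" ] ||
        { echo "realm mismatch: smb.conf '${realm:-unset}' vs krb5.conf '${krealm:-unset}'"; rc=1; }
    # Kerberos realm names are case-sensitive; Samba expects the upper-case form.
    case "$realm" in *[a-z]*) echo "realm '$realm' should be upper case"; rc=1 ;; esac
    return $rc
}

# Constructed sample files for the thread's test1.local domain (not real hosts).
tmp=$(mktemp -d)
printf '[global]\n   workgroup = TEST1\n   realm = TEST1.LOCAL\n   security = ads\n   kerberos method = system keytab\n' > "$tmp/smb.conf"
printf '[libdefaults]\n default_realm = TEST1.LOCAL\n dns_lookup_kdc = true\n' > "$tmp/krb5.conf"
if check_ads_join_prereqs "$tmp/smb.conf" "$tmp/krb5.conf"; then
    echo "ready: run 'net ads join -Uadmin.user', then confirm with 'klist -k /etc/krb5.keytab'"
fi
rm -rf "$tmp"
```

After a successful join, `klist -k /etc/krb5.keytab` should list the MACHINE$ principal for the realm; if it does not, the keytab was written elsewhere or the join did not complete.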
