Cannot integrate AD with krb5

Leo Xiao lxiao at vmware.com
Thu Oct 24 05:35:45 EDT 2013


Hi,

Appreciate it very much Steve! Your blog is quite helpful for me to make
my smb available to windows user.

And now I need to check Kerberos authentication (user mapped with AD). So
I must work on krb5 and bind. 
And must resolve the network problem between AD and Kerberos.

Regards,
Leo

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf
Of steve
Sent: Thursday, October 24, 2013 3:51 PM
To: kerberos at mit.edu
Subject: Re: Cannot integrate AD with krb5

On Wed, 2013-10-23 at 23:45 -0700, Leo Xiao wrote:
> Dear all,
> 
>  
> 
> I'm trying to integrated my AD with krb5.:
> 
> 1.       I have a existing AD(with DNS on the same host) test1.local on
> win2k8.
> 
> 2.       I created a krb5 and bind9 on RHEL5. 
> 
> 3.       I want to integrated AD and krb5 by mapping AD user to a
Kerberos
> user. Then I can login my workstation with Kerberos user.
> 
Hi
The workstation (ws) will need a MACHINE$ key for the domain before users
can authenticate against your AD. The easiest way to get that is to use
winbind and set:
kerberos method = system keytab
in /etc/samba/smb.conf
The necessary keytab will then be created when you join the ws to the
domain:
net ads join -Uadmin.user
should get you there.

We did this a while ago:
http://linuxcostablanca.blogspot.com.es/2012/08/winbind-on-samba4-ii.html

You don't need Bind. Set the primary DNS on the ws to point to the IP of
test1.local. You shouldn't need to add a forwarder.
HTH
Steve

________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


More information about the Kerberos mailing list