Cannot integrate AD with krb5
Leo Xiao
lxiao at vmware.com
Thu Oct 24 05:35:45 EDT 2013
Hi,

Appreciate it very much, Steve! Your blog is quite helpful for me to make
my smb available to Windows users.

And now I need to check Kerberos authentication (user mapped with AD). So
I must work on krb5 and bind.
And must resolve the network problem between AD and Kerberos.

Regards,
Leo

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of steve
Sent: Thursday, October 24, 2013 3:51 PM
To: kerberos at mit.edu
Subject: Re: Cannot integrate AD with krb5

On Wed, 2013-10-23 at 23:45 -0700, Leo Xiao wrote:
> Dear all,
>
> I'm trying to integrate my AD with krb5:
>
> 1. I have an existing AD (with DNS on the same host) test1.local on
> win2k8.
>
> 2. I created a krb5 and bind9 on RHEL5.
>
> 3. I want to integrate AD and krb5 by mapping an AD user to a Kerberos
> user. Then I can log in to my workstation with the Kerberos user.
>
Hi

The workstation (ws) will need a MACHINE$ key for the domain before users
can authenticate against your AD. The easiest way to get that is to use
winbind and set:

    kerberos method = system keytab

in /etc/samba/smb.conf

The necessary keytab will then be created when you join the ws to the
domain:

    net ads join -Uadmin.user

should get you there.

We did this a while ago:
http://linuxcostablanca.blogspot.com.es/2012/08/winbind-on-samba4-ii.html

You don't need Bind. Set the primary DNS on the ws to point to the IP of
test1.local. You shouldn't need to add a forwarder.

HTH
Steve
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
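
An added example, not part of the thread or of Samba's own tooling: a shell check for the three things the reply relies on (primary DNS pointing at the AD server, kerberos method = system keytab in smb.conf, and a MACHINE$ key in the keytab after net ads join). The host name WS1, the 192.0.2.x addresses and the file contents are constructed sample data, and the function names are hypothetical.

```shell
# Added example; the sample files written below are constructed, not real output.

# Value of a [global] parameter; smb.conf names ignore case and whitespace.
smbconf_global() {   # usage: smbconf_global "kerberos method" /etc/samba/smb.conf
    awk -v want="$1" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                              # comment lines
        /^[ \t]*\[/   { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
                        sec = norm(sec); next }             # section header
        sec == "global" && (i = index($0, "=")) > 0 && norm(substr($0, 1, i - 1)) == norm(want) {
            val = substr($0, i + 1); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        }
        END { print val }' "$2"
}

# First nameserver entry, i.e. the primary DNS server of the workstation.
primary_dns() { awk '$1 == "nameserver" { print $2; exit }' "$1"; }

# Succeeds if `klist -k` output on stdin lists the machine account HOST$@REALM.
keytab_has_machine() {   # usage: klist -k | keytab_has_machine ws1 TEST1.LOCAL
    p="$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')\$@$2"
    awk -v p="$p" '$2 == p { found = 1 } END { exit !found }'
}

# Run all three checks; prints one line per failed check, returns non-zero on failure.
check_join() {   # usage: check_join smb.conf resolv.conf klist-output host realm ad-ip
    rc=0
    [ "$(smbconf_global 'kerberos method' "$1")" = "system keytab" ] ||
        { echo "smb.conf: kerberos method is not 'system keytab'"; rc=1; }
    [ "$(primary_dns "$2")" = "$6" ] ||
        { echo "resolv.conf: primary DNS is not the AD server $6"; rc=1; }
    keytab_has_machine "$4" "$5" < "$3" ||
        { echo "keytab: no $4\$ key for $5 (was the join run?)"; rc=1; }
    return $rc
}

# Constructed sample data standing in for the workstation's files.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '[global]\n  realm = TEST1.LOCAL\n  security = ads\n  Kerberos Method = system keytab\n' > "$demo/smb.conf"
printf 'nameserver 192.0.2.10\nnameserver 192.0.2.53\n' > "$demo/resolv.conf"
printf 'KVNO Principal\n   2 host/ws1.test1.local@TEST1.LOCAL\n   2 WS1$@TEST1.LOCAL\n' > "$demo/klist.txt"

check_join "$demo/smb.conf" "$demo/resolv.conf" "$demo/klist.txt" ws1 TEST1.LOCAL 192.0.2.10 &&
    echo "join prerequisites OK"
```

On a real workstation, pass /etc/samba/smb.conf, /etc/resolv.conf and the saved output of klist -k (run as root so the system keytab is readable).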