Windows LSA under a non-Windows domain

Douglas E. Engert deengert at anl.gov
Mon Oct 26 11:21:13 EDT 2009



Santiago Rivas wrote:
> Sorry Max,
> 
> I'm afraid there must be a mistake, cause all the Samba configuration work
> is already done. I'm asking for information about LSA...

To see what is in the LSA, use the Microsoft kerbtray and/or klist commands,
or the Network Identity Manager.

runas with /user will run a command under a different user and will
set the LSA. Also look at the /netonly option too.

Also see the Microsoft ksetup command, useful with non-AD Kerberos realms.


> 
> Thanks!
> 
> 2009/10/26 Max (Weijun) Wang <Weijun.Wang at sun.com>
> 
>> http://www.ibm.com/developerworks/aix/library/au-unixothers/
>>
>> Also, Googling "Samba as Windows Domain Controller" shows a lot of results.
>>
>> --Max
>>
>>
>> On Oct 26, 2009, at 7:01 PM, Santiago Rivas wrote:
>>
>>> Hi everyone,
>>> I'm setting up Kerberos to work on Windows XP machines managed by a Samba
>>> as
>>> PDC.
>>>
>>> Thanks to your support, I know how to configure the credentials file cache
>>> on Windows platform. Next step is to learn how to use Local Security
>>> Authority
>>> (LSA) in order to obtain TGT automatically from user logon.
>>>
>>> I've read several documents on the web (
>>>
>>> http://java.sun.com/javase/6/docs/technotes/guides/security/kerberos/jgss-windows.html
>>> )
>>> and I get an idea, but still have some questions to ask:
>>>
>>> - Is it required to be under an Active Directory Windows Domain for LSA to
>>> gather the credentials? I ask it because most of the articles that I've
>>> read
>>> about LSA assume to be on that scenario, nevertheless I'm using openldap
>>> and
>>> Samba (as I mentioned before).
>>>
>>> - If it's possible to use LSA under a non-Windows domain, is there any
>>> extra
>>> configuration needed? (besides the *allowtgtsessionkey* registry change)
>>>
>>> Thanks in advance!
>>> _______________________________________________
>>> krbdev mailing list             krbdev at mit.edu
>>> https://mailman.mit.edu/mailman/listinfo/krbdev
>>>
>>

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
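
A read-only check built on the tools named in the reply above (klist, ksetup) and the allowtgtsessionkey registry value from the original question. It is an added example, not part of the original message. It assumes ksetup.exe and klist.exe are installed and on PATH; the two registry locations are the ones Microsoft documents for this value, and the function name is hypothetical.

```powershell
# Added example: inspect, without changing, the LSA Kerberos state on one Windows host.
# allowtgtsessionkey is documented in two places depending on the Windows release:
#   ...\Lsa\Kerberos\Parameters   (Windows 2000 SP4, Server 2003, Vista and later)
#   ...\Lsa\Kerberos              (Windows XP SP2)
$lsaKerberos = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos'

function Get-AllowTgtSessionKey {   # hypothetical helper name
    foreach ($path in "$lsaKerberos\Parameters", $lsaKerberos) {
        $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($item -and $null -ne $item.allowtgtsessionkey) {
            return New-Object PSObject -Property @{
                Path  = $path
                Value = [int]$item.allowtgtsessionkey
            }
        }
    }
    return $null   # value absent in both locations: the Windows default applies
}

$setting = Get-AllowTgtSessionKey
if ($setting -and $setting.Value -eq 1) {
    # Any process in the logon session can then read a usable TGT from the LSA,
    # so treat this host's logon sessions as holding exportable credentials.
    Write-Output "allowtgtsessionkey = 1 at $($setting.Path): TGT session key is exported to applications"
} else {
    Write-Output "allowtgtsessionkey not enabled: TGT session key is not exported to applications"
}

# Show what the host knows about non-AD realms and what the LSA currently holds.
foreach ($tool in 'ksetup.exe', 'klist.exe') {
    if (-not (Get-Command $tool -ErrorAction SilentlyContinue)) {
        Write-Output "$tool not found on PATH; skipping"
        continue
    }
    if ($tool -eq 'ksetup.exe') {
        & ksetup.exe            # no arguments: prints the current realm/KDC configuration
    } else {
        & klist.exe tickets     # service tickets cached for this logon session
        & klist.exe tgt         # the TGT itself, if the logon obtained one
    }
}
```

Run it in the logon session being examined; under runas /user or /netonly the ticket list reflects the session that runas created.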


