Windows LSA under a non-Windows domain
Douglas E. Engert
deengert at anl.gov
Mon Oct 26 11:21:13 EDT 2009
Santiago Rivas wrote:
> Sorry Max,
> I'm afraid there must be a mistake, cause all the Samba configuration work
> is already done. I'm asking for information about LSA...
To see what is in the LSA, use the Microsoft kerbtray and/or klist commands,
or the Network Identity Manager.
runas with /user will run a command under a different user and will
set the LSA. Also look at the /netonly option too.
Also see the Microsoft ksetup command, useful with non-AD Kerberos realms.
> 2009/10/26 Max (Weijun) Wang <Weijun.Wang at sun.com>
>> Also, Googling "Samba as Windows Domain Controller" shows a lot of results.
>> On Oct 26, 2009, at 7:01 PM, Santiago Rivas wrote:
>> Hi everyone,
>>> I'm setting up Kerberos to work on Windows XP machines managed by a Samba
>>> Thanks to your support, I know how to configure the credentials file cache
>>> on Windows platform. Next step is learn how to use Local Security
>>> (LSA) in order to obtain TGT automatically from user logon.
>>> I've read several documents on the web (
>>> and I get an idea, but still have some questions to ask:
>>> - Is it required to be under an Active Directory Windows Domain for LSA to
>>> gather the credentials? I ask it because most of the articles that I've
>>> about LSA asume to be on that scenario, nevertheless I'm using openldap
>>> Samba (as I mentioned before).
>>> - If it's possible to use LSA under a non-Windows domain, is there any
>>> configuration needed? (besides the *allowtgtsessionkey* registry change)
>>> Thanks in advance!
>>> krbdev mailing list krbdev at mit.edu
> krbdev mailing list krbdev at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev