Re: Problems with Service Principle Unknown and Windows AD.

On Thu, 2005-05-12 at 15:06 +0200, Simon Tennant wrote:
> I am in an environment where I need to be able to authenticate users
> against the Win2K Active Directory farm using Kerberos.

> 	Application -> saslauthd -> heimdal -> Windows Servers
> My understanding of how to set this up is that I must get a service
> ticket from Windows using the "ktpass.exe" application and copy this
> to /etc/krb5.keytab file on the Linux host.  Then I configure saslauthd
> to use Heimdal Kerberos for authentication and run the testsaslauthd
> program to test.
> Are my assumptions about how to set this up correct?  I was unable to
> find a definitive guide.

The other technique is to use Samba, and perform a 'net ads join'.
Then the 'net keytab' commands can be used to set up the local keytab.  I
don't have the exact commands to hand, but it's another route to follow.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net