Do you need to trust the computer account
for delegation?
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of T C
Sent: Monday, April 03, 2006 5:19
PM
To: Active Directory Discussions
Subject: [ActiveDir] Creating a
service instance account in AD
Hi,
I am working on bringing a Unix service under AD. To do this I need to
map a service
principal name (SPN) to an AD account. The MS document specifies using a
user
account for this, and I have tested with this and it works. However, I am
also
trying to use a computer account for this. Everything seems to work
except the
ticket cannot be decrypted. So I am curious if computer accounts can be
used
for this purpose. It seems quite straightforward, but it just didn't
work.
Thanks,
Terry
|
