On 07/19/2013 04:09 PM, Sigbjorn Lie wrote:
Retreive a keytab from AD:
ktpass -princ HTTP/webserver.ipa.domain@WINDOWS.DOMAIN +rndpass /mapuser
WINDOMAIN\webserver$
-crypto all -ptype KRB5_NT_PRINCIPAL -out webserver.keytab
The Windows admin will choose if they want to use a Computer Account or a User
Account to bind the
keytab to.
Copy this keytab into /etc/httpd/HTTP.keytab-AD
just filling in (just in case this was not clear): ktpass.exe is a
windows tool you run in the domain controller (or in a workstation with
the admins tool installed).
--
groet,
natxo
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
