On 07/19/2013 04:09 PM, Sigbjorn Lie wrote:


Retreive a keytab from AD:

ktpass -princ HTTP/webserver.ipa.domain@WINDOWS.DOMAIN +rndpass /mapuser 
WINDOMAIN\webserver$
-crypto all -ptype KRB5_NT_PRINCIPAL -out webserver.keytab

The Windows admin will choose if they want to use a Computer Account or a User 
Account to bind the
keytab to.
Copy this keytab into /etc/httpd/HTTP.keytab-AD

just filling in (just in case this was not clear): ktpass.exe is a
windows tool you run in the domain controller (or in a workstation with
the admins tool installed).

--
groet,
natxo

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to