Scott Ruckh wrote: > Here are some other places where I have discussed this topic: > > http://www.linuxquestions.org/questions/showthread.php?t=371848&page=2 > http://www.winlinanswers.com/community/viewtopic.php?t=37 > http://blog.scottlowe.org/2006/04/27/linux-ad-integration-with-windows-server-2003-r2/ > http://blog.scottlowe.org/2006/08/08/linux-active-directory-and-windows-server-2003-r2-revisited/ > > Note that there is a bug in Windows 2003 SP1 ktpass utility when creating > keytab files used with secure connections. You can get a fix from MS. > You can find the link to MS article which discusses the bug from the links > above. > > Although I have a "working" solution, which can be found from the above > articles, I would like hear what your final configuration looks like. > There are still several things I do not like with my configuration and > would like to improve on the configuration so that it is more then just > functional. > > Thanks. >
Hi thanks Scott, I had actually used one of the howto's you mentioned: http://blog.scottlowe.org/2006/04/27/linux-ad-integration-with-windows-server-2003-r2/ However I am not doing anything with SFU, we have an NIS server (All the accounts are in both NIS and AD). I do not think we have a problem with ktpass. (was this the hotfix you were referring to? http://support.microsoft.com/kb/843071) On a whim, I installed Fedora Core 5 on a virtual machine, and redid everything, using the ktpass command described in your first howto: "ktpass -princ host/[EMAIL PROTECTED] -mapuser ENGR_STUDENT\fc5 -crypto DES-CBC-MD5 -pass mypassword -ptype KRB5_NT_PRINCIPAL -out keytab.fc5 " After installing this keytab file (and authconfig) kerberized telnet works!!! After kinit'ing I can do a "telnet -k AD.ENGR.UCONN.EDU -l rohitm fc5.engr.uconn.edu" and it lets me log in. I do not have to type my password a second time. GSSAPI authentication still does not work with SSH, and I have no idea why kerberized telnet does not seem to work in Debian(etch)/Ubuntu(dapper) and GSSAPI ssh authentication does not seem to work for me on any distro. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
