I've uploaded the latest changes: http://download.systemimager.org/~finley/msktutil/
Douglas E. Engert wrote: > > > Markus Moeller wrote: >> >> I use also msktutil and you can find it here >> http://dag.wieers.com/rpm/packages/msktutil/ > > That points to: > http://download.systemimager.org/~finley/msktutil/ > and Finley is here at ANL. > > We now have Debian mods to 0.3.16-7 to work with W2008, and use the > Windows attribute msDs-supportedEncryptionTypes so one can use AES. > Any one interested? > >> >> You can also use setspn -A host/fqdn in lowercase. instead of setspn -R. >> >> BTW the original netjoin tool from MS used computer accounts not user >> accounts. http://msdn.microsoft.com/en-us/library/ms808911.aspx >> http://download.microsoft.com/download/win2000pro/2kkerb2/1.0/nt5/en-us/ad-unix.exe >> I don't know why they changed their mind. >> >> Markus >> >> ----- Original Message ----- From: "Ravi Channavajhala" >> <[email protected]> >> To: "Douglas E. Engert" <[email protected]> >> Cc: "Markus Moeller" <[email protected]>; <[email protected]> >> Sent: Friday, May 08, 2009 8:59 PM >> Subject: Re: kerberos tickets and the SPNs >> >> >> Don't agree here. Natively adding a computer to AD and checking with >> setspn -L didn't show any SPNs. Resetting the SPNs with setspn -R, >> creates two entries >> >> HOST/HOSTNAME$ >> HOST/HOSTNAME$.SHORTFORM DOMAIN >> >> Both are incorrect.... >> >> The point is, I can manipulate SPNs to no end, but obviously no >> success with Kerberos. My real issue is kerberos flip flopping with >> 'Server not found in Database' to 'Keytable entry incorrect Key >> version'. >> >> >> > -- Brian Elliott Finley Deputy Manager, Unix, Storage, and Operations Computing and Information Systems Argonne National Laboratory Office: 630.252.4742 Mobile: 630.631.6621 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
