Hi, Peter Schüller <[EMAIL PROTECTED]> writes:
> [If you get this twice, ignore it. I had E-Mail MUA difficulties. ] > > Hello, > >> my W2K clients and users are authenticated by a native MIT Kerberos-V5 >> KDC, that is they get tickets and TGT, while user data are stored in > > I'm afraid I can't help you with your problem, but I was wondering if you > could point me in the right direction as to how to make a Win2K client > authenticate against a Kerberos KDC/realm? > > I've found some very-verbose-but-not-really-helpful documentation on > Microsoft's site, but I still haven't figured out how to simply tell it "yes, > authenticate using kerberos, and use this KDC". It is quite simple, actually :-) Prior to prepare your w2k workstations, you should have created principals for your users and hosts on your KDC, see MIT Kerberos Install Guide on how to do this. On your W2K-System-CD, change to directory \support\tools\ and run setup.exe, this will install beside other tools the utility "Ksetup". Run fro the W2K command line C:> Ksetup /setdomain YOUR.REALM.TLD C:> Ksetup /addkdc YOUR.REALM.TLD your.kdc.server.tld C:> Ksetup /mapuser [EMAIL PROTECTED] <group> C:>Ksetup /mapuser ** If you have created a password for your host principal run additonally C:> Ksetup /setmachpassword <password> Finally run C:> Ksetup without any further arguements to see if all is properly setup. Restart your workstation and you will have the choice either to login on your local machine or to your KDC. -Dieter -- Dieter Kluenter | Systemberatung Tel:040.64861967 | Fax: 040.64891521 mailto: [EMAIL PROTECTED] http://www.schevolution.com/tour -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba