Hi Mark, For some background, I am actually trying to set up a http kerberos service so that I can use mod_auth_krb in apache2.
Would net ads join createupn=http/foundry.example.local do the trick? I am on 3.0.22, which does not support this syntax. Any work-arounds? thanks, Bradley On 2/21/07, Mark Proehl <[EMAIL PROTECTED]> wrote:
Hi, try net ads join createupn=host/foundry.example.local - Mark On Tue, Feb 20, 2007 at 05:57:47PM +1000, Bradley Schatz wrote: > I suspect I might be grossly misunderstanding kerberos and AD here, but I > cant seem to grok the following. > > net ads join integrates my linux samba server (named foundry) into an AD > domain and all works fine. The samba server is using the kerberos keytab. > > [EMAIL PROTECTED]:~ # kinit -k -t /etc/krb5.keytab foundry$ > [EMAIL PROTECTED]:~ # kinit -k -t /etc/krb5.keytab host/foundry.example.local > kinit(v5): Client not found in Kerberos database while getting initial > credentials > > Why can't kinit find the service host/foundry.example.local in the AD > Kerberos database? It seems to be in the local linux server keylist: > > [EMAIL PROTECTED]:~ # klist -k > Keytab name: FILE:/etc/krb5.keytab > KVNO Principal > ---- > -------------------------------------------------------------------------- > 2 host/[EMAIL PROTECTED] > 2 host/[EMAIL PROTECTED] > .... cut ... > > What am I missing here? > > Thanks, > > Bradley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
