RE: Authenticating a FreeBSD users to Win2K Kerberos
[EMAIL PROTECTED] wrote: Hi everyone, Anyone know a good HOWTO guide for authenticating FreeBSD logons to Win2K/Acitive Directory Kerberos server. I really need some guidance here as I havn't the first idea where to start Just for authentiation or complete user logon without having seperate UNIX accounts? In the latter you had to change the AD scheme because you need more info (home, shell, different u+gID), but there are SFU (ServicesForUnix) from Microsoft which makes the neccesary changes and also provides a NIS server. Just for authentication you could use pam_smb. I can't help you with kerberos because I decided to use SFU. Best regards, -Harry -Thanks in advance - Would you like to receive faxes to your personal email address? You can with mBox. Visit http://www.mbox.com.au/fax To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Authenticating a FreeBSD users to Win2K Kerberos
Hi everyone, Anyone know a good HOWTO guide for authenticating FreeBSD logons to Win2K/Acitive Directory Kerberos server. I really need some guidance here as I havn't the first idea where to start -Thanks in advance - Would you like to receive faxes to your personal email address? You can with mBox. Visit http://www.mbox.com.au/fax To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Authenticating a FreeBSD users to Win2K Kerberos
The AD DCs work just as an MIT KrbV KDC works. A couple things to watch for: *For Kerberos authentication, your realm will be the same as your FQDN Active Directory domain, in UPPERCASE. The KDC will be automatically found if you are running W2k DNS (or the proper SRV+TXT records in your DNS) If you add the following to your krb5.conf file: [libdefaults] ... dns_lookup_kdc = true dns_lookup_realm = true ... This lets you simply type kinit [EMAIL PROTECTED] To use the AD as your default realm, use this: [libdefaults] ... default_realm = MYAD.MYDOMAIN.TLD ... The above will let you use pam_krb5 to authenticate your login ID as your Krb princ. Good luck! -Matt On Thu, 2003-02-13 at 06:10, BSD Freak wrote: Hi everyone, Anyone know a good HOWTO guide for authenticating FreeBSD logons to Win2K/Acitive Directory Kerberos server. I really need some guidance here as I havn't the first idea where to start -Thanks in advance - Would you like to receive faxes to your personal email address? You can with mBox. Visit http://www.mbox.com.au/fax To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message -- Matt Smith [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
