Mac OS X's kinit does not support the -4 option because it is
incompatible with the way the Kerberos Login Library manipulates
tickets. In particular, the KLL defines the concept of a valid ticket
cache as one which contains valid TGTs for all versions of Kerberos
defined by the machine's
With samba 3.0.9 and MIT kerberos 1.3.5 and use kerberos keytab = yes
in smb.conf, I can do net ads join and it populates /etc/krb5.keytab.
Unfortunately when I test it with kinit -k it says can't find KDC.
An ordinary kinit works.
First thing I noticed in the AD LDAP is that userPrincipalName
Bob == [EMAIL PROTECTED] writes:
Bob Unfortunately when I test it with kinit -k it says can't
Bob find KDC. An ordinary kinit works.
You actually need kinit -k principalname
So run klist -k, find the principal name and kinit -k with that
principal.
--Sam
