Yes, totally confused :) Thanks to you guy's I got it working now. But what I don't get is how Kerberos keys are handled in general. The /etc/krb5.keytab is a container, can I take both, UPN and SPN?
So far so good, start testing failover behaviour if the remote DC's are not available Thanks a lot & cheers Josh ________________________________________ Von: sssd-devel-boun...@lists.fedorahosted.org [mailto:sssd-devel-boun...@lists.fedorahosted.org] Im Auftrag von Ondrej Valousek Gesendet: Freitag, 25. November 2011 16:37 An: sssd-devel@lists.fedorahosted.org Betreff: Re: [SSSD] GSSAPI and Kerberos - understanding question >If you do a net ads join without any other parameters, the credential >that'll >work is the PONTUS$ cred, not the others. > >So "kinit -k PONTUS$" should work. Always the same story - people get confused by the UPN (User Principal Name) and SPN (Service Principal Name) meaning. We should write it down somewhere using bold letters so everyone knows.... Ondrej _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
