Sorry I asked this question in the wrong place, but thank you for the awesome answer James!
-----Original Message-----
From: James Ralston <[email protected]>
Sent: Wednesday, July 29, 2020 11:05 PM
To: End-user discussions about the System Security Services Daemon <[email protected]>
Subject: [External] - [SSSD-users] Re: How to authenticate machine with Kerberos to Active Directory?

On Wed, Jul 29, 2020 at 8:24 PM Wesley Taylor <[email protected]> wrote:

> I have a program I am trying to set up which tries to authenticate
> with the principal host\machine-FQDN@REALM using Kerberos.
>
> However, when I run kinit -k, the machine isn't found in the Kerberos
> database.

"kinit -k" (with no arguments) defaults to attempting to obtain a TGT for (e.g.) host/[email protected], which only works if you set userPrincipalName to host/[email protected] when you joined the host to Active Directory.

Running "kinit -k MYMACHINE\$" (that is, using the value of the sAMAccountName attribute as the argument to "kinit -k") should always work.

> From what I have read, SSSD is responsible for being the glue between
> MIT Kerberos (what Linux uses) and Microsoft Kerberos (which Active
> Directory uses).

This has nothing to do with sssd; it's all about setting userPrincipalName correctly when you join the host to AD if you want "kinit -k" (with no arguments) to work.
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
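An added example, not part of the original thread: a shell helper that picks the sAMAccountName-style principal (NAME$@REALM) out of `klist -k` output so it can be handed to `kinit -k` explicitly, as the quoted reply recommends. The function names `machine_principal` and `sample_klist` are hypothetical, the keytab listing is constructed, and the parser assumes the plain two-column `klist -k` output of MIT krb5.

```shell
#!/bin/sh
# Added example: choose the machine-account principal from a keytab listing.

# machine_principal: reads plain `klist -k` output on stdin and prints the
# first principal whose primary part ends in '$' and contains no '/'
# (the sAMAccountName form, e.g. MYMACHINE$@REALM). Exits 1 if none is found.
machine_principal() {
    awk '
        # Data rows are "<KVNO> <principal>"; header and ruler rows are skipped.
        $1 ~ /^[0-9]+$/ && NF >= 2 {
            p = $2
            at = index(p, "@")
            if (at == 0) next
            primary = substr(p, 1, at - 1)
            if (primary !~ /\// && primary ~ /\$$/) { print p; found = 1; exit }
        }
        END { if (!found) exit 1 }
    '
}

# Constructed sample of `klist -k` output for a host joined as MYMACHINE.
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/mymachine.example.com@EXAMPLE.COM
   2 host/MYMACHINE@EXAMPLE.COM
   2 MYMACHINE$@EXAMPLE.COM
EOF
}

# Demonstration on the constructed sample.
sample_klist | machine_principal

# On a joined host with a readable keytab, the same filter feeds kinit:
#   kinit -k "$(klist -k | machine_principal)"
```

The host/... entries in the sample are skipped because, per the reply above, they only work with `kinit -k` when userPrincipalName was set to match at join time.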
