>>>>> "Luke" == Luke Howard <[EMAIL PROTECTED]> writes:
>> But as the KDC logs show, it seems like the login was >> successful. Do I have to have something more (Samba comes to >> mind)? Luke> SAMBA does not support the additional RPCs necessary for Luke> native Windows 2000 domain logon, so no, this won't help. Just thinking that it might be a little like NSS/PAM. In Linux I need Lib{PAM,NSS}-LDAP for uid/gid number mapping etc (authorization) and LibPAM-Krb5 for password (authentication)... Don't I need a authorization system as well on the Win host? Currently I only have authentication... ? Luke> Did you map your account to a local account with ksetup? Yes. Both 'turbo@REALM -> turbo' and '* *' (same on both hosts). Since the mapping is supposed to be 1:1 (using userid from KDC), the first mapping shouldn't be there, but... ? Luke> Did you set the machine password with ksetup and create a Luke> machine principal on your KDC with the same password? Yes. I first tried with a random passwd and add that to the keytab. I then found the link to the step-by-step guide, so I re-did it, this time without adding it to the keytab. Why do I need to create a machine account (using ksetup that is)? ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos