>>>>> "Luke" == Luke Howard <[EMAIL PROTECTED]> writes:
>> But as the KDC logs show, it seems like the login was
>> successful. Do I have to have something more (Samba comes to
>> mind)?
Luke> SAMBA does not support the additional RPCs necessary for
Luke> native Windows 2000 domain logon, so no, this won't help.
Just thinking that it might be a little like NSS/PAM. In Linux
I need Lib{PAM,NSS}-LDAP for uid/gid number mapping etc (authorization)
and LibPAM-Krb5 for password (authentication)...
Don't I need a authorization system as well on the Win host? Currently
I only have authentication... ?
Luke> Did you map your account to a local account with ksetup?
Yes. Both 'turbo@REALM -> turbo' and '* *' (same on both hosts).
Since the mapping is supposed to be 1:1 (using userid from KDC),
the first mapping shouldn't be there, but... ?
Luke> Did you set the machine password with ksetup and create a
Luke> machine principal on your KDC with the same password?
Yes. I first tried with a random passwd and add that to the keytab.
I then found the link to the step-by-step guide, so I re-did it,
this time without adding it to the keytab.
Why do I need to create a machine account (using ksetup that is)?
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
