I use also msktutil and you can find it here http://dag.wieers.com/rpm/packages/msktutil/
You can also use setspn -A host/fqdn in lowercase. instead of setspn -R. BTW the original netjoin tool from MS used computer accounts not user accounts. http://msdn.microsoft.com/en-us/library/ms808911.aspx http://download.microsoft.com/download/win2000pro/2kkerb2/1.0/nt5/en-us/ad-unix.exe I don't know why they changed their mind. Markus ----- Original Message ----- From: "Ravi Channavajhala" <[email protected]> To: "Douglas E. Engert" <[email protected]> Cc: "Markus Moeller" <[email protected]>; <[email protected]> Sent: Friday, May 08, 2009 8:59 PM Subject: Re: kerberos tickets and the SPNs Don't agree here. Natively adding a computer to AD and checking with setspn -L didn't show any SPNs. Resetting the SPNs with setspn -R, creates two entries HOST/HOSTNAME$ HOST/HOSTNAME$.SHORTFORM DOMAIN Both are incorrect.... The point is, I can manipulate SPNs to no end, but obviously no success with Kerberos. My real issue is kerberos flip flopping with 'Server not found in Database' to 'Keytable entry incorrect Key version'. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
