Hi Markus Is it possible to do:
netdom trust HHK.DK /domain:CBS.DK /addtln:od.cbs.dk And only have windows clients ask my MIT kerberos server when accessing https://od.cbs.dk ? or is it only for the whole domain. Med Venlig Hilsen / Kind Regards Mikkel Kruse Johnsen Adm.Dir. Linet Ørholmgade 6 st tv Copenhagen N 2200 Denmark Work: +45 21287793 Mobile: +45 21287793 Email: mik...@linet.dk IM: mik...@linet.dk (MSN) Professional Profile Healthcare Network Consultant tir, 22 09 2009 kl. 21:48 +0100, skrev Markus Moeller: > Do you look for something like ? > > netdom trust WINDOWS2003.HOME /domain:SUSE.HOME /addtln:suse.home > > This tells the w2k3 domain WINDOWS2003.HOME that hosts with in the domain > suse.home belong to the MIT domain SUSE.HOME > > Markus > > "Mikkel Kruse Johnsen" <mik...@linet.dk> wrote in message > news:mailman.20.1253609653.18120.kerbe...@mit.edu... > > Hi All > > > > I have a trust between my Windows 2003 AD (HHK.DK) and my RHEL5 MIT > > Kerberos (CBS.DK). > > > > On the Windows machines I have: > > > > HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\CBS.DK > > KdcNames: kdc1.cbs.dk kdc2.cbs.dk > > > > > > Adding "HTTP/od.cbs...@cbs.dk" to my CBS.DK and using mod_auth_kerb in > > Apache. SSO worked on both Windows and Linux clients with HHK.DK tokens. > > > > In my log file "/var/log/krb5kdc.log" I could see that a lot of request > > came from windows machines. > > > > > > Now the IT department created a UPN suffix on the AD called CBS.DK and > > SSO stopped working on Windows clients. The request in > > "/var/log/krb5kdc.log" stopped. > > > > We removing the UPN suffix from the AD, but Windows clients is not > > working and the request to "/var/log/krb5kdc.log" do not happen anymore. > > Everything is fine on Linux. > > > > It seems that Windows clients no longer uses the "HKLM\SYSTEM > > \CurrentControlSet\Control\Lsa\Kerberos\Domains\CBS.DK" in the reg. > > > > Have been searching the net for month now. Anyone has any ideas what is > > wrong ? > > > > Is there a way to map domain to realms in Windows like [domain_realm] in > > krb5.conf ? > > > > > > Med Venlig Hilsen / Kind Regards > > > > > > > > > > Mikkel Kruse > > Johnsen > > Adm.Dir. > > > > Linet > > Ørholmgade 6 st tv > > Copenhagen N 2200 > > Denmark > > > > Work: +45 > > 21287793 > > Mobile: +45 > > 21287793 > > Email: > > mik...@linet.dk > > IM: > > mik...@linet.dk > > (MSN) > > Professional > > Profile > > Healthcare > > > > > > Network > > Consultant > > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos