Hello all,
I managed to solve the following problem:
"The system can not log you on due to the followingerror: No mapping between account names and securityIDs was done. Please try again or consult your systemadministrator."
It's simply because I haven't added the user to list of users for the
Thanks to Brent and Arden who have given me some
insights, though I'm not fully successful yet, but I
can see a progress...
Apparently, my biggest problem was the DNS server
setup. I managed to come over the problem (phiughh)
Now, the problem is when a client wants to login with
the domain set
Thank you Robbie, but I still can't get it to work :-(
When a win2k client tries to log in using my linux
kerberos realm, it fails with error message:
The system could not log you on. Make sure that the
username and password are correct. Letters in the
password must be typed in the correct
Hmmm,
sorry no experience with heimdal...
did you follow the steps in the following article? They are designed for an mit realm, but if you consult your heimdal documentation you should be able to find equivalent commands.
Thanks for all the replies guys..(I love this mailing
list) :-)
After spending sometimes understanding the kerberos
concept in windows, I believe that to achieve my goal,
I need to create a two way trust relationship between
the windows 2000 domain and my kerberos realm on linux
machine (just
Hi Lara,
I think what you are looking for is this... In AD Users Computers,
click on View at the top and turn on Advanced Features. Then, right
click on the user account and click on Name Mappings... Then click on
the Kerberos Names tab and add the principal name there (such as
[EMAIL
You actually don't configure AD, what you need to do is run ksetup.exe
on the workstations (must be 2000 or XP) and add the kerberos realm
kerberos servers. (ksetup is part of the support tools). For example:
C:\ ksetup /addkdc MIT.KERBREALM.COM kserver.kerb.com
and then when the user logs