Hey Russ!
It *may* be sufficient to set:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\MYREALM
This is a dword, and the bit you need set is 0x02
See:
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/rege
Thanks for your response. I don't see the /SetRealmFlags on my version
of KSETUP? Do I need a specific version? Here are the switches I see:
ksetup /?
USAGE:
/SetRealm DnsDomainName -- set name of RFC1510 Kerberos Realm
/MapUser Principal Account -- Map Kerberos Principal to account (* =
any/all)
Windows clients should only make a Net Logon locator request to real
Active Directory DCs, not MIT KDCs. If this is not the case then it
seems likely that this is a bug in the Windows Kerberos client.
-- Luke
Kerberos mailing list [EMAIL
