Re: kerberos tickets and the SPNs

2009-05-11 Thread Brian Elliott Finley
pro/2kkerb2/1.0/nt5/en-us/ad-unix.exe >> I don't know why they changed their mind. >> >> Markus >> >> - Original Message - From: "Ravi Channavajhala" >> >> To: "Douglas E. Engert" >> Cc: "Markus Moeller" ; >>

Re: kerberos tickets and the SPNs

2009-05-11 Thread Douglas E. Engert
E. Engert" > Cc: "Markus Moeller" ; > Sent: Friday, May 08, 2009 8:59 PM > Subject: Re: kerberos tickets and the SPNs > > > Don't agree here. Natively adding a computer to AD and checking with > setspn -L didn't show any SPNs. Resetting the SPN

Re: kerberos tickets and the SPNs

2009-05-08 Thread Markus Moeller
y, May 08, 2009 8:59 PM Subject: Re: kerberos tickets and the SPNs Don't agree here. Natively adding a computer to AD and checking with setspn -L didn't show any SPNs. Resetting the SPNs with setspn -R creates two entries HOST/HOSTNAME$ HOST/HOSTNAME$.SHORTFORM DOMAIN Both are incorrect.

Re: kerberos tickets and the SPNs

2009-05-08 Thread Ravi Channavajhala
On Sat, May 9, 2009 at 1:02 AM, Douglas E. Engert wrote: > > > Ravi Channavajhala wrote: >> >> On Fri, May 8, 2009 at 8:10 PM, Douglas E. Engert >> wrote: >>> Note that the MS documentation says to add a "user" account, not a >>> "computer" >>> account. (Sounds counterintuitive...) >>> >>> http:

Re: kerberos tickets and the SPNs

2009-05-08 Thread Douglas E. Engert
Ravi Channavajhala wrote: > On Fri, May 8, 2009 at 8:10 PM, Douglas E. Engert wrote: > >>> I deleted the computer object in AD, waited for the replication to >>> complete and then re-added the AD object. Now the SPN appears as >>> >> Note that the MS documentation says to add a "user" account,

Re: kerberos tickets and the SPNs

2009-05-08 Thread Ravi Channavajhala
On Fri, May 8, 2009 at 8:10 PM, Douglas E. Engert wrote: >> I deleted the computer object in AD, waited for the replication to >> complete and then re-added the AD object.  Now the SPN appears as >> > > Note that the MS documentation says to add a "user" account, not a > "computer" > account. (So

Re: kerberos tickets and the SPNs

2009-05-08 Thread Douglas E. Engert
Ravi Channavajhala wrote: > On Fri, May 8, 2009 at 4:26 AM, Markus Moeller > wrote: > >>> Interesting. This means, I need to have all the SPNs included in the >>> keytab? Do you see an inherent problem with deleting the existing >>> SPNs on windows KDC and adding only one SPN of the form hos

Re: kerberos tickets and the SPNs

2009-05-07 Thread Ravi Channavajhala
On Fri, May 8, 2009 at 4:26 AM, Markus Moeller wrote: >> Interesting.  This means, I need to have all the SPNs included in the >> keytab?  Do you see an inherent problem with deleting the existing >> SPNs on windows KDC and adding only one SPN of the form host/fqdn and >> generating the keytab? >

Re: kerberos tickets and the SPNs

2009-05-07 Thread Markus Moeller
"Ravi Channavajhala" wrote in message news:mailman.20.1241667589.9729.kerbe...@mit.edu... > On Thu, May 7, 2009 at 1:19 AM, Markus Moeller > wrote: >> >> You could add a copy to the keytab with ktutil which has an uppercase >> HOST >> e.g. >> >> # ktutil >> ktutil: rkt /tmp/test.keytab >> ktu

Re: kerberos tickets and the SPNs

2009-05-06 Thread Ravi Channavajhala
On Thu, May 7, 2009 at 1:19 AM, Markus Moeller wrote: > > You could add a copy to the keytab with ktutil which has an uppercase HOST > e.g. > >  # ktutil > ktutil:   rkt /tmp/test.keytab > ktutil:  l -k > slot KVNO Principal > > --

Re: kerberos tickets and the SPNs

2009-05-06 Thread Luke Howard
FWIW MIT Kerberos 1.7 will address this. -- Luke On 07/05/2009, at 5:49 AM, Markus Moeller wrote: > > "Douglas E. Engert" wrote in message > news:mailman.17.1241638415.9729.kerbe...@mit.edu... >> Windows treats principal names as case insensitive. >> Kerberos treats them as case sensitive. >> >

Re: kerberos tickets and the SPNs

2009-05-06 Thread Markus Moeller
"Douglas E. Engert" wrote in message news:mailman.17.1241638415.9729.kerbe...@mit.edu... > Windows treats principal names as case insensitive. > Kerberos treats them as case sensitive. > > Normally Kerberos host/hostn...@realm has "host" in lower case. > So why Samba net ADS join is using upp

Re: kerberos tickets and the SPNs

2009-05-06 Thread Ravi Channavajhala
On Thu, May 7, 2009 at 1:03 AM, Douglas E. Engert wrote: > > Windows treats principal names as case insensitive. > Kerberos treats them as case sensitive. > > Normally Kerberos host/hostn...@realm has "host" in lower case. > So why Samba net ADS join is using upper case is not clear. Just to b

Re: kerberos tickets and the SPNs

2009-05-06 Thread Douglas E. Engert
Windows treats principal names as case insensitive. Kerberos treats them as case sensitive. Normally Kerberos host/hostn...@realm has "host" in lower case. So why Samba net ADS join is using upper case is not clear. If the net ads join adds the SPN in uppercase, then the ktpass with lower case

kerberos tickets and the SPNs

2009-05-06 Thread ravi channavajhala
I'm setting up a Solaris 10 server as a test samba server with AD authentication. I'm running into a bit of an issue with Kerberos tickets. The setup is as follows: Solaris-10, Windows AD-2003/R2, native Solaris (sparc) samba, Kerberos, LDAP (shipped with the distro) and IMU on windows. My L