Minor Linux-AD Hiccup Fixed (Hopefully)18 July 2005 · Filed in Explanation
I think I have resolved one minor Linux-AD integration hiccup. In setting up the Kerberos authentication, various instructions I had found (including some from Microsoft) indicated I needed to create a user account for the Linux servers, then use
ktpass to generate the Kerberos keytab. This works, but being the stickler for detail that I am, I really wanted to use a computer account instead of a user account.
After fiddling with it for a while, I finally managed to make it work. The
ktpass command should look something like this:
ktpass -princ [email protected] -mapuser DOMAIN\name$ -crypto DES-CBC-MD5 -pass password -ptype KRB5_NT_PRINCIPAL -out filename
The missing piece, for me, was specifying “DOMAIN\name$” for the mapuser parameter. Without it, the command kept generating an error.
I don’t know for sure that this will work, but I will be testing this within the next day or so to see how it goes.Tags: ActiveDirectory · Interoperability · Kerberos · Linux · Microsoft · Windows Previous Post: Linux-AD Integration Success! Next Post: Matthew West's New Album