Scott's Weblog The weblog of an IT pro focusing on cloud computing, Kubernetes, Linux, containers, and networking

Minor Linux-AD Hiccup Fixed (Hopefully)

I think I have resolved one minor Linux-AD integration hiccup. In setting up the Kerberos authentication, various instructions I had found (including some from Microsoft) indicated I needed to create a user account for the Linux servers, then use ktpass to generate the Kerberos keytab. This works, but being the stickler for detail that I am, I really wanted to use a computer account instead of a user account.

After fiddling with it for a while, I finally managed to make it work. The ktpass command should look something like this:

ktpass -princ host/fqdn@REALM -mapuser DOMAIN\name$
-crypto DES-CBC-MD5 -pass password -ptype KRB5_NT_PRINCIPAL
-out filename

The missing piece, for me, was specifying “DOMAIN\name$” for the mapuser parameter. Without it, the command kept generating an error.

I don’t know for sure that this will work, but I will be testing this within the next day or so to see how it goes.

Metadata and Navigation

Be social and share this post!