9 Mar
2011
9 Mar
'11
4:09 p.m.
On Wed, 9 Mar 2011, John Hodrien wrote:
On Wed, 9 Mar 2011, Dvorkin, Asya wrote:
Thank you, John.
I forgot to add that we cannot generate keytab from AD server for various reasons that I have no control over.
And are you really sure this is the case? If you can join to a domain, you can get a keytab (you don't need AD admin rights to do this).
If you were just using Samba to do the join, something like:
use kerberos keytab = yes
in your smb.conf
and a:
net ads keytab create net ads keytab add http
on the joined machine would get you a keytab suitable for web auth.
klist -k would then show you what you'd got.
jh