When you use kinit to acquire a Kerberos ticket prior to joining a Win2k3 domain with net ads join -U <upn> is that ticket merely used for the join that follows? When it expires does this mean anything?
Thanks, jlc
On Mon, 2008-12-15 at 23:47 -0700, Joseph L. Casale wrote:
When you use kinit to acquire a Kerberos ticket prior to joining a Win2k3 domain with net ads join -U <upn> is that ticket merely used for the join that follows? When it expires does this mean anything?
You use kinit before joining the AD to test AD auth. That is, you want to be sure your "linux" side is configured properly to get a kerberos ticket in the first place. If you're able to get one, you should be to join the domain.
HTH,
Ranbir
You use kinit before joining the AD to test AD auth. That is, you want to be sure your "linux" side is configured properly to get a kerberos ticket in the first place. If you're able to get one, you should be to join the domain.
Ranbir, Yeah it's been working ever since but there are some errors in the logs even though users auth silently and it all just works. Once I am back from holidays I had planned to read up on winbind and samba as it relates to AD...
Thanks! jlc
On Sat, 2008-12-20 at 22:00 -0700, Joseph L. Casale wrote:
Yeah it's been working ever since but there are some errors in the logs even though users auth silently and it all just works. Once I am back from holidays I had planned to read up on winbind and samba as it relates to AD...
If you need any tips/help, let me know. I have lots of CentOS servers and a couple of Fedora and Ubuntu laptops authenticating to AD at work, and they all work flawlessly.
Regards,
Ranbir
-
Joseph L. Casale -
Kanwar Ranbir Sandhu