Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Help adding RHEL 5.x workstation to Win2008R2 DC



Microsoft's Kerberos implementation does not break MIT Kerberos.  Microsoft tried to pull an embrace and extend on Kerberos and got shot down in court by the MIT Trustees for violating the license.  So, while Microsoft's implementation isn't complete it does interoperate.  It's just a matter of getting the settings right on the client.

Check the LDAP base DN, make sure that it matches the KDC.

An easy one to miss is that the Kerberos realm needs to be all caps.  "foo.bar.com" is wrong but "FOO.BAR.COM" is correct.

Another thing to check is the clock.  If the client clock is more than a few minutes skewed from the KDC clock then authentication will fail.

Once you've checked all that then try using kinit to authenticate:

  kinit user at FOO.BAR.COM

and see what happens.  Either it works or you get an error, and that error should provide something to diagnose the problem.

--Rich P.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org