Re: kerberos tickets and the SPNs
- From: "Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx>
- Date: Fri, 8 May 2009 22:34:22 +0100
I use also msktutil and you can find it here http://dag.wieers.com/rpm/packages/msktutil/
You can also use setspn -A host/fqdn in lowercase. instead of setspn -R.
BTW the original netjoin tool from MS used computer accounts not user accounts. http://msdn.microsoft.com/en-us/library/ms808911.aspx
http://download.microsoft.com/download/win2000pro/2kkerb2/1.0/nt5/en-us/ad-unix.exe I don't know why they changed their mind.
Markus
----- Original Message ----- From: "Ravi Channavajhala" <ravi.channavajhala@xxxxxxxxxx>
To: "Douglas E. Engert" <deengert@xxxxxxx>
Cc: "Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx>; <kerberos@xxxxxxx>
Sent: Friday, May 08, 2009 8:59 PM
Subject: Re: kerberos tickets and the SPNs
Don't agree here. Natively adding a computer to AD and checking with
setspn -L didn't show any SPNs. Resetting the SPNs with setspn -R,
creates two entries
HOST/HOSTNAME$
HOST/HOSTNAME$.SHORTFORM DOMAIN
Both are incorrect....
The point is, I can manipulate SPNs to no end, but obviously no
success with Kerberos. My real issue is kerberos flip flopping with
'Server not found in Database' to 'Keytable entry incorrect Key
version'.
.
- References:
- Re: kerberos tickets and the SPNs
- From: Douglas E. Engert
- Re: kerberos tickets and the SPNs
- From: Markus Moeller
- Re: kerberos tickets and the SPNs
- From: Ravi Channavajhala
- Re: kerberos tickets and the SPNs
- From: Markus Moeller
- Re: kerberos tickets and the SPNs
- Prev by Date: Active Directory Kerberos Server and Windows MIT Tools Client
- Next by Date: KfW 3.2.2 on Win XP SP3 + file cache = repeated password asking?
- Previous by thread: Re: kerberos tickets and the SPNs
- Next by thread: Re: kerberos tickets and the SPNs
- Index(es):
Relevant Pages
|
