Date: 13 Feb 2003 10:14:28 -0500 From: Matt Smith <matt@forsetti.com> To: BSD Freak <bsd-freak@mbox.com.au> Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: Authenticating a FreeBSD users to Win2K Kerberos Message-ID: <1045149268.91136.9.camel@d80h149.public.uconn.edu> In-Reply-To: <26f5dff26f18dc.26f18dc26f5dff@mbox.com.au> References: <26f5dff26f18dc.26f18dc26f5dff@mbox.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
The AD DCs work just as an MIT KrbV KDC works. A couple things to watch for: *For Kerberos authentication, your realm will be the same as your FQDN Active Directory domain, in UPPERCASE. The KDC will be automatically found if you are running W2k DNS (or the proper SRV+TXT records in your DNS) If you add the following to your krb5.conf file: [libdefaults] ... dns_lookup_kdc = true dns_lookup_realm = true ... This lets you simply type kinit myprinc@MYAD.MYDOMAIN.TLD To use the AD as your default realm, use this: [libdefaults] ... default_realm = MYAD.MYDOMAIN.TLD ... The above will let you use pam_krb5 to authenticate your login ID as your Krb princ. Good luck! -Matt On Thu, 2003-02-13 at 06:10, BSD Freak wrote: > Hi everyone, > > Anyone know a good HOWTO guide for authenticating FreeBSD logons to > Win2K/Acitive Directory Kerberos server. I really need some guidance > here as I havn't the first idea where to start.... > > > -Thanks in advance.... > > --------------------------------------------------------------------- > Would you like to receive faxes to your personal email address? > You can with mBox. Visit http://www.mbox.com.au/fax > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- Matt Smith <matt@forsetti.com> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1045149268.91136.9.camel>