Lars Schimmer <[EMAIL PROTECTED]> wrote: > Christopher D. Clausen wrote: >> Lars Schimmer <[EMAIL PROTECTED]> wrote: >>> Thanks for the link. >>> Maybe I don4t get it right on my thoughts. >>> Setup here: >>> AD with 1 server and x clients >>> krb5 server on debian on extra machine >> >> So you have an Active Directory domain that the Windows machines are >> on? > > Yes, there is a AD domain in which the PCs are. > >> And a seperate Kerberos Realm for the Linux machines? > > The REALM is the same as the AD domain (both are CGV.TUGRAZ.AT ir in > lower case cgv.tugraz.at)
Okay, this sounds bad. You'll likely need to rename either the domain or the realm. (I believe there is a Windows tool to rename a domain.) Maybe someone else has an idea for you? I don't think you can even setup a realm trust if the realm names are the same b/c the cross-realm TGT (krbtgt) would overwrite the current realms TGT. >> Do you have a realm trust between these? B/c its not likely to work >> if you don't. > > There is no realm trust between both (which are the same). > I use cgv.tugraz.at as a AD domain for login and CGV.TUGRAZ.AT for > obtaining tickets/tokens. You cannot have this work just b/c the realms are the same. There needs to be a trust setup between the realms, or you need to have ALL your non-Windows machines also use the Windows domain as a KDC instead of the MIT one. And please reply to the list and not to me directly. <<CDC ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
