Do you look for something like ? netdom trust WINDOWS2003.HOME /domain:SUSE.HOME /addtln:suse.home
This tells the w2k3 domain WINDOWS2003.HOME that hosts with in the domain suse.home belong to the MIT domain SUSE.HOME Markus "Mikkel Kruse Johnsen" <[email protected]> wrote in message news:[email protected]... > Hi All > > I have a trust between my Windows 2003 AD (HHK.DK) and my RHEL5 MIT > Kerberos (CBS.DK). > > On the Windows machines I have: > > HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\CBS.DK > KdcNames: kdc1.cbs.dk kdc2.cbs.dk > > > Adding "HTTP/[email protected]" to my CBS.DK and using mod_auth_kerb in > Apache. SSO worked on both Windows and Linux clients with HHK.DK tokens. > > In my log file "/var/log/krb5kdc.log" I could see that a lot of request > came from windows machines. > > > Now the IT department created a UPN suffix on the AD called CBS.DK and > SSO stopped working on Windows clients. The request in > "/var/log/krb5kdc.log" stopped. > > We removing the UPN suffix from the AD, but Windows clients is not > working and the request to "/var/log/krb5kdc.log" do not happen anymore. > Everything is fine on Linux. > > It seems that Windows clients no longer uses the "HKLM\SYSTEM > \CurrentControlSet\Control\Lsa\Kerberos\Domains\CBS.DK" in the reg. > > Have been searching the net for month now. Anyone has any ideas what is > wrong ? > > Is there a way to map domain to realms in Windows like [domain_realm] in > krb5.conf ? > > > Med Venlig Hilsen / Kind Regards > > > > > Mikkel Kruse > Johnsen > Adm.Dir. > > Linet > Ørholmgade 6 st tv > Copenhagen N 2200 > Denmark > > Work: +45 > 21287793 > Mobile: +45 > 21287793 > Email: > [email protected] > IM: > [email protected] > (MSN) > Professional > Profile > Healthcare > > > Network > Consultant > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
