Unfortunately you can not, it is only for DNS name suffixes not for hosts. Markus
"Mikkel Kruse Johnsen" <[email protected]> wrote in message news:[email protected]... > Hi Markus > > Is it possible to do: > > netdom trust HHK.DK /domain:CBS.DK /addtln:od.cbs.dk > > And only have windows clients ask my MIT kerberos server when accessing > https://od.cbs.dk ? > or is it only for the whole domain. > > > Med Venlig Hilsen / Kind Regards > > > > > Mikkel Kruse > Johnsen > Adm.Dir. > > Linet > Ørholmgade 6 st tv > Copenhagen N 2200 > Denmark > > Work: +45 > 21287793 > Mobile: +45 > 21287793 > Email: > [email protected] > IM: > [email protected] > (MSN) > Professional > Profile > Healthcare > > > Network > Consultant > > > tir, 22 09 2009 kl. 21:48 +0100, skrev Markus Moeller: > >> Do you look for something like ? >> >> netdom trust WINDOWS2003.HOME /domain:SUSE.HOME /addtln:suse.home >> >> This tells the w2k3 domain WINDOWS2003.HOME that hosts with in the >> domain >> suse.home belong to the MIT domain SUSE.HOME >> >> Markus >> >> "Mikkel Kruse Johnsen" <[email protected]> wrote in message >> news:[email protected]... >> > Hi All >> > >> > I have a trust between my Windows 2003 AD (HHK.DK) and my RHEL5 MIT >> > Kerberos (CBS.DK). >> > >> > On the Windows machines I have: >> > >> > HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\CBS.DK >> > KdcNames: kdc1.cbs.dk kdc2.cbs.dk >> > >> > >> > Adding "HTTP/[email protected]" to my CBS.DK and using mod_auth_kerb in >> > Apache. SSO worked on both Windows and Linux clients with HHK.DK >> > tokens. >> > >> > In my log file "/var/log/krb5kdc.log" I could see that a lot of request >> > came from windows machines. >> > >> > >> > Now the IT department created a UPN suffix on the AD called CBS.DK and >> > SSO stopped working on Windows clients. The request in >> > "/var/log/krb5kdc.log" stopped. >> > >> > We removing the UPN suffix from the AD, but Windows clients is not >> > working and the request to "/var/log/krb5kdc.log" do not happen >> > anymore. >> > Everything is fine on Linux. >> > >> > It seems that Windows clients no longer uses the "HKLM\SYSTEM >> > \CurrentControlSet\Control\Lsa\Kerberos\Domains\CBS.DK" in the reg. >> > >> > Have been searching the net for month now. Anyone has any ideas what is >> > wrong ? >> > >> > Is there a way to map domain to realms in Windows like [domain_realm] >> > in >> > krb5.conf ? >> > >> > >> > Med Venlig Hilsen / Kind Regards >> > >> > >> > >> > >> > Mikkel Kruse >> > Johnsen >> > Adm.Dir. >> > >> > Linet >> > Ørholmgade 6 st tv >> > Copenhagen N 2200 >> > Denmark >> > >> > Work: +45 >> > 21287793 >> > Mobile: +45 >> > 21287793 >> > Email: >> > [email protected] >> > IM: >> > [email protected] >> > (MSN) >> > Professional >> > Profile >> > Healthcare >> > >> > >> > Network >> > Consultant >> > >> >> ________________________________________________ >> Kerberos mailing list [email protected] >> https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
