AD integration: computer account vs. user account? - Kerberos


  1. AD integration: computer account vs. user account?

    Using information found here (thank you, all!) and on various sites
    across the Internet, I have managed to get Red Hat Linux 9
    authenticating to Active Directory via Kerberos (it uses LDAP to look
    up the user and group information). One quick question: I had to
    create a user account for the Linux host and use ktpass to generate the
    keytab. Is there any way to use a computer account instead of a user
    account?

    Many thanks in advance for any help anyone can provide.

    --
    Scott Lowe


  2. Re: AD integration: computer account vs. user account?


    > Is there any way to use a computer account instead of a user account?


    of course: assume 'linuxbox' is your linux machine. just create a
    computer account in AD and use '-mapuser linuxbox$' on your ktpass.exe
    commandline. NT computer accounts internally always have a $-sign
    appended to their names.

  3. Re: AD integration: computer account vs. user account?

    On 2005-07-19 08:37:58 -0400, Thomas Schweizer said:

    >
    >> Is there any way to use a computer account instead of a user account?

    >
    > of course: assume 'linuxbox' is your linux machine. just create a
    > computer account in AD and use '-mapuser linuxbox$' on your ktpass.exe
    > commandline. NT computer accounts internally always have a $-sign
    > appended to their names.


    Thomas,

    Thanks for the response. I knew about the $ appended to the names for
    computer accounts in AD and I tried that on the ktpass command line.
    It didn't work as expected. After posting the original message in this
    thread, I did some additional searching and came across an obscure
    posting that indicated if you receive the DsCrackNames error 0x2 when
    running ktpass, to specify the -mapuser option as
    NetBIOSDOMAIN\Account$. Upon trying that, it worked like a champ. In
    fact, that was the *ONLY* way ktpass would work.

    I recently posted an entry to my weblog that shows the full command
    line I had to use in order to make it work. That entry is found at
    .

    Thanks again for the response. Your replies have been instrumental to my
    success in this endeavor, and I appreciate it.

    --
    Scott Lowe


  4. Re: AD integration: computer account vs. user account?

    Thomas,

    you should also be able to do it directly from your Linux box with a tool
    like http://sourceforge.net/projects/netjoin/

    Markus


    "Scott Lowe" wrote in message
    news:3k4ptcFrhr9lU1@individual.net...
    > On 2005-07-19 08:37:58 -0400, Thomas Schweizer
    > said:
    >
    >>
    >>> Is there any way to use a computer account instead of a user account?

    >>
    >> of course: assume 'linuxbox' is your linux machine. just create a
    >> computer account in AD and use '-mapuser linuxbox$' on your ktpass.exe
    >> commandline. NT computer accounts internally always have a $-sign
    >> appended to their names.

    >
    > Thomas,
    >
    > Thanks for the response. I knew about the $ appended to the names for
    > computer accounts in AD and I tried that on the ktpass command line. It
    > didn't work as expected. After posting the original message in this
    > thread, I did some additional searching and came across an obscure posting
    > that indicated if you receive the DsCrackNames error 0x2 when running
    > ktpass, to specify the -mapuser option as NetBIOSDOMAIN\Account$. Upon
    > trying that, it worked like a champ. In fact, that was the *ONLY* way
    > ktpass would work.
    >
    > I recently posted an entry to my weblog that shows the full command line I
    > had to use in order to make it work. That entry is found at
    > .
    >
    > Thanks
    > again for the response. Your replies have been instrumental to my success
    > in this endeavor, and I appreciate it.
    >
    > --
    > Scott Lowe
    >



