Re: Kerberos MIT + windows workstations - Kerberos

This is a discussion on Re: Kerberos MIT + windows workstations - Kerberos ; >This means that the account mapping does not work. On the server I can >see that the authentication is successful. So there must be some problem >after authentication. Did you create a local Windows account for the user? -- Luke ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Re: Kerberos MIT + windows workstations

  1. Re: Kerberos MIT + windows workstations


    >This means that the account mapping does not work. On the server I can
    >see that the authentication is successful. So there must be some problem
    >after authentication.


    Did you create a local Windows account for the user?

    -- Luke

    --
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Kerberos MIT + windows workstations


    >No, that's what I want to avoid since we have some 1000 workstations. ;-)
    >I'm thinking(dreaming?) of an equivalent to pam_mkhomedir.so or maybe a
    >windows logon script that does the job.


    It's possible but it gets tricky, and because each local account will have
    a different SID, authorization becomes messy. Microsoft have made this
    difficult unless you deploy Active Directory or a compatible technology.

    If you want an alternative to Active Directory that runs on Linux, you
    could try our XAD product:

    http://www.padl.com/Products/XAD.html

    There are academic discounts available.

    There is also the Samba4 Technology Preview.

    cheers,

    -- Luke

    --
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  3. Re: Kerberos MIT + windows workstations

    Luke Howard wrote:
    >> This means that the account mapping does not work. On the server I can
    >> see that the authentication is successful. So there must be some problem
    >> after authentication.
    >>

    >
    > Did you create a local Windows account for the user?
    >
    > -- Luke
    >
    > --
    >

    No, that's what I want to avoid since we have some 1000 workstations. ;-)
    I'm thinking(dreaming?) of an equivalent to pam_mkhomedir.so or maybe a
    windows logon script that does the job.

    -- Dieter


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread