From: Matt Smith
To: BSD Freak
Cc: FreeBSD Questions
Subject: Re: Authenticating a FreeBSD users to Win2K Kerberos
Date: 13 Feb 2003 10:14:28 -0500
Message-Id: <1045149268.91136.9.camel@d80h149.public.uconn.edu>
In-Reply-To: <26f5dff26f18dc.26f18dc26f5dff@mbox.com.au>

The AD DCs work just as an MIT KrbV KDC works. A couple things to watch for:

* For Kerberos authentication, your realm will be the same as your FQDN
  Active Directory domain, in UPPERCASE.

* The KDC will be automatically found if you are running W2k DNS (or the
  proper SRV+TXT records in your DNS) if you add the following to your
  krb5.conf file:

    [libdefaults]
    ...
    dns_lookup_kdc = true
    dns_lookup_realm = true
    ...

This lets you simply type

    kinit myprinc@MYAD.MYDOMAIN.TLD

To use the AD as your default realm, use this:

    [libdefaults]
    ...
    default_realm = MYAD.MYDOMAIN.TLD
    ...

The above will let you use pam_krb5 to authenticate your login ID as your
Krb princ.

Good luck!

-Matt

On Thu, 2003-02-13 at 06:10, BSD Freak wrote:
> Hi everyone,
>
> Anyone know a good HOWTO guide for authenticating FreeBSD logons to
> Win2K/Active Directory Kerberos server. I really need some guidance
> here as I haven't the first idea where to start....
>
> -Thanks in advance....

--
Matt Smith

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
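
An added example, not part of the original message: a Python check that takes saved `dig` answers and reports whether the DNS discovery described in the reply can work for a given AD domain, including the uppercase realm requirement. It assumes the MIT Kerberos naming convention (`_kerberos._udp` / `_kerberos._tcp` SRV records and a `_kerberos` TXT record); the sample answers are constructed and `dc1` is a hypothetical domain controller.

```python
import re

def realm_for(ad_domain):
    """The Kerberos realm is the AD DNS domain name in uppercase."""
    return ad_domain.rstrip(".").upper()

def lookup_names(ad_domain):
    """DNS names queried for a domain when the dns_lookup_* options are on."""
    d = ad_domain.rstrip(".").lower()
    return {"SRV": [f"_kerberos._udp.{d}", f"_kerberos._tcp.{d}"],  # dns_lookup_kdc
            "TXT": [f"_kerberos.{d}"]}                              # dns_lookup_realm

def parse_answers(text):
    """Parse zone-file style lines (as dig prints them) into {(type, owner): [rdata]}."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+\d+\s+IN\s+(SRV|TXT)\s+(.+)$", line.strip())
        if m:
            owner = m.group(1).rstrip(".").lower()
            found.setdefault((m.group(2), owner), []).append(m.group(3).strip())
    return found

def check_discovery(ad_domain, dig_output):
    """Return (kdcs, problems) for one AD domain."""
    found, names = parse_answers(dig_output), lookup_names(ad_domain)
    realm, kdcs, problems = realm_for(ad_domain), set(), []
    for owner in names["SRV"]:
        for rdata in found.get(("SRV", owner), []):
            fields = rdata.split()          # priority weight port target
            if len(fields) == 4:
                kdcs.add(f"{fields[3].rstrip('.').lower()}:{fields[2]}")
    if not kdcs:
        problems.append("no _kerberos SRV records: KDC cannot be located via DNS")
    for owner in names["TXT"]:
        values = [v.strip('"') for v in found.get(("TXT", owner), [])]
        if not values:
            problems.append(f"no TXT record at {owner}")
        problems += [f"TXT {owner} = {v!r}, expected {realm!r}" for v in values if v != realm]
    return sorted(kdcs), problems

# Constructed sample answers; dc1 is a hypothetical domain controller.
SAMPLE = """\
_kerberos._udp.myad.mydomain.tld. 600 IN SRV 0 100 88 dc1.myad.mydomain.tld.
_kerberos._tcp.myad.mydomain.tld. 600 IN SRV 0 100 88 dc1.myad.mydomain.tld.
_kerberos.myad.mydomain.tld. 600 IN TXT "myad.mydomain.tld"
"""

if __name__ == "__main__":
    kdcs, problems = check_discovery("myad.mydomain.tld", SAMPLE)
    print("KDCs:", kdcs)
    for p in problems:
        print("PROBLEM:", p)
```

On the constructed sample the KDC is found on port 88, and the lowercase TXT value is flagged because the realm must be the uppercase form of the domain.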