Yes, totally confused :)
Thanks to you guy's I got it working now. But what I don't get is how Kerberos keys are handled in general. The /etc/krb5.keytab is a container, can I take both, UPN and SPN?
So far so good, start testing failover behaviour if the remote DC's are not available
Thanks a lot & cheers Josh
________________________________________ Von: sssd-devel-bounces@lists.fedorahosted.org [mailto:sssd-devel-bounces@lists.fedorahosted.org] Im Auftrag von Ondrej Valousek Gesendet: Freitag, 25. November 2011 16:37 An: sssd-devel@lists.fedorahosted.org Betreff: Re: [SSSD] GSSAPI and Kerberos - understanding question
If you do a net ads join without any other parameters, the credential >that'll work is the PONTUS$ cred, not the others.
So "kinit -k PONTUS$" should work.
Always the same story - people get confused by the UPN (User Principal Name) and SPN (Service Principal Name) meaning. We should write it down somewhere using bold letters so everyone knows....
Ondrej