Yes, totally confused :)
Thanks to you guy's I got it working now. But what I don't get is how Kerberos
keys are handled in general. The /etc/krb5.keytab is a container, can I take both, UPN and
SPN?
So far so good, start testing failover behaviour if the remote DC's are not available
Thanks a lot & cheers
Josh
________________________________________
Von: sssd-devel-bounces(a)lists.fedorahosted.org
[mailto:sssd-devel-bounces@lists.fedorahosted.org] Im Auftrag von Ondrej Valousek
Gesendet: Freitag, 25. November 2011 16:37
An: sssd-devel(a)lists.fedorahosted.org
Betreff: Re: [SSSD] GSSAPI and Kerberos - understanding question
If you do a net ads join without any other parameters, the credential
>that'll
work is the PONTUS$ cred, not the others.
So "kinit -k PONTUS$" should work.
Always the same story - people get confused by the UPN (User Principal Name) and SPN
(Service Principal Name) meaning.
We should write it down somewhere using bold letters so everyone knows....
Ondrej