Sorry I asked this question in the wrong place, but thank you for the awesome
answer James!
-----Original Message-----
From: James Ralston <ralston(a)pobox.com>
Sent: Wednesday, July 29, 2020 11:05 PM
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: [External] - [SSSD-users] Re: How to authenticate machine with
Kerberos to Active Directory?
On Wed, Jul 29, 2020 at 8:24 PM Wesley Taylor <wesley.taylor(a)numerica.us>
wrote:
> I have a program I am trying to set up which tries to authenticate
> with the principal host\machine-FQDN@REALM using Kerberos.
> However, when I run kinit -k, the machine isn't found in the Kerberos
> database.

"kinit -k" (with no arguments) defaults to attempting to obtain a TGT for
(e.g.) host/mymachine.example.org@EXAMPLE.ORG, which only works if you set
userPrincipalName to host/mymachine.example.org@EXAMPLE.ORG
when you joined the host to Active Directory.

Running "kinit -k MYMACHINE\$" (that is, using the value of the sAMAccountName
attribute as the argument to "kinit -k") should always work.

> From what I have read, SSSD is responsible for being the glue between
> MIT Kerberos (what Linux uses) and Microsoft Kerberos (which Active
> Directory uses).

This has nothing to do with sssd; it's all about setting userPrincipalName
correctly when you join the host to AD if you want "kinit -k" (with no
arguments) to work.
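The distinction drawn in the reply above, as an added example that is not part of the original thread: a shell helper that picks the sAMAccountName-style entry (NAME$@REALM) out of "klist -k" output and passes it to "kinit -k". The function names sam_principal and machine_kinit, the default keytab path /etc/krb5.keytab, and the sample keytab listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find the keytab principal that "kinit -k" can use against AD.

# Constructed sample of `klist -k` output for a host joined as MYMACHINE.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/mymachine.example.org@EXAMPLE.ORG
   2 host/MYMACHINE@EXAMPLE.ORG
   2 MYMACHINE$@EXAMPLE.ORG
   2 MYMACHINE$@EXAMPLE.ORG'

# Read `klist -k` output on stdin and print the first principal of the form
# NAME$@REALM (the sAMAccountName). Entries containing "/" are service
# principal names such as host/fqdn and are skipped, as are header lines.
# Exit status is 1 when no such entry exists.
sam_principal() {
    awk '$1 ~ /^[0-9]+$/ && index($2, "/") == 0 && $2 ~ /\$@/ {
             print $2; found = 1; exit
         }
         END { exit !found }'
}

# Hypothetical wrapper: obtain a TGT for the machine account from a keytab.
# Quoting "$princ" keeps the shell from interpreting the "$" in the name,
# which is what the backslash in "kinit -k MYMACHINE\$" does on the CLI.
machine_kinit() {
    keytab=${1:-/etc/krb5.keytab}   # assumed default keytab location
    princ=$(klist -k "$keytab" | sam_principal) || {
        echo "no NAME\$@REALM entry found in $keytab" >&2
        return 1
    }
    kinit -k -t "$keytab" "$princ"
}

# Demonstration on the constructed sample (no KDC or keytab needed).
printf '%s\n' "$SAMPLE_KLIST" | sam_principal
```

On a joined host, calling machine_kinit as a user who can read the keytab requests the TGT; the last line only exercises the parser against the constructed listing.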