Home Forums OS X Server and Client Discussion Web Kerb Realms

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • February 2, 2006 at 1:50 pm #365103
    dom9inic
    Participant

    No access, no ticket.

    Has it something to do with the fact I’m trying to get AD users managed through OD groups to access this site? Is that not possible, do I need to create OD users?

    February 2, 2006 at 9:31 pm #365116
    dom9inic
    Participant

    Thanks Josh,

    I had read the article a few times, but re-reading it I notice you say something about “then user who login to their network homes, will get a TGT ticket and be able to surf to the site..”

    Well, that’s the problem in my environment, AD logins but the AD HomeDirs are not mounting for some reason I cannot get to the bottom of, so perhaps that’s why the Kerb REALM on my site does not work.

    Cheers anyway

    February 3, 2006 at 8:34 am #365134
    dom9inic
    Participant

    Judging from your last post, it’s clear I’ve not really understood how this setup should work.

    My setup is as follows (briefly):

    Macs authenticate against Active Directory server on our subnet and get SSO access to any AD shares.

    They also get MCX from my ODM, and get SSO to any afp shares, not that I have a mix, but they can if needed.

    I have one Xserve, it is my ODM. Its roles are ODM, iChat server for staff, NetBoot, NetInstall and hopefully intranet for the Macs.

    Kerb is enabled on this ODM, if I do ‘sudo klist -kt’ I get an appropriate entry:

    3 07/11/05 13:59:43 http/[email protected]

    When I log in as an AD user (desktop managed in OD groups through WGM on my ODM) I cannot hit the site when I create a realm for it and insist on Kerb authentication.

    Am I fundamentally missing the point?

    Help is much appreciated as usual.

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.