Kerb Realms

[dom9inic]

No access, no ticket.

Has it something to do with the fact I’m trying to get AD users managed through OD groups to access this site? Is that not possible, do I need to create OD users?

[dom9inic]

Thanks Josh,

I had read the article a few times, but re-reading it I notice you say something about “then user who login to their network homes, will get a TGT ticket and be able to surf to the site..”

Well, that’s the problem in my environment, AD logins but the AD HomeDirs are not mounting for some reason I cannot get to the bottom of, so perhaps that’s why the Kerb REALM on my site does not work.

Cheers anyway

[dom9inic]

Judging from your last post, it’s clear I’ve not really understood how this setup should work.

My setup is as follows (briefly):

Macs authenticate against Active Directory server on our subnet and get SSO access to any AD shares.

They also get MCX from my ODM, and get SSO to any afp shares, not that I have a mix, but they can if needed.

I have one Xserve, it is my ODM. Its roles are ODM, iChat server for staff, NetBoot, NetInstall and hopefully intranet for the Macs.

Kerb is enabled on this ODM, if I do ‘sudo klist -kt’ I get an appropriate entry:

3 07/11/05 13:59:43 http/[email protected]

When I log in as an AD user (desktop managed in OD groups through WGM on my ODM) I cannot hit the site when I create a realm for it and insist on Kerb authentication.

Am I fundamentally missing the point?

Help is much appreciated as usual.

[Author]

Posts