Using MIT KDC w/ OSX clients and Win2k3 AD

[kvichak]

We have been successful using an MIT KDC with XP/ AD clients.
I though that by editing the /Library/Prefrences/edu.mit.Kerberos file and removing the AD info and placing my MIT kdc info I could still login to the AD.

When I removed the AD info and just left the MIT KDC info I could not login (and no requests were sent to my MIT KDC).

When I added the AD info again, I was able to login but it used the AD kdc (no requests on my MIT kdc).

There were a couple of lines at the top of the edu.mit.Kerberos file saying to delete the top two lines if you were going to hand edit the file.

I can login and then kinit (to my MIT KDC) just fine

Any ideas on how to configure OSX to use an MIT KDC with the AD plugin?

[kvichak]

I can use “kerberosautoconfig -r REALM -m kdc-fqdn -u”
This dynamically creates a new /Library/Preferences/edu.mit.Kerberos (krb5.conf) file —
— until the ad plugin writes over it.

I changed the permissions to system:admin 444 and it still over wrote it.

I locked the file and it seems to be holding.

But the requests are for [email protected], not [email protected] like I would expect

[kvichak]

I did see that, and I did remove the lines, but as I remember it the box was not hitting my MIT KDC.

I assumed that there was some other sort of magic going on.

[Author]

Posts