samba - Jan 2009 - Configure usage of MS Kerberos

Hi,

i would like to use on Centos 5 Microsoft kerberos tickets for  
authentication for some applications. LDAP FDS for example.

For that I have to add some spn to Active Directory. And afterwards to 
export this to local keytab.

---------

kadmin -q "add_principal -randkey 
ldap/${INSTANCE}.${fully-qualified-domain}"

Then, export that key to a keytab file. If you've deployed other 
services which also authenticate users using Kerberos on the same 
system, it's recommended that you give each one its own keytab file.

kadmin -q "ktadd -k  /etc/dirsrv/slapd-${INSTANCE}/${INSTANCE}.keytab
ldap/${INSTANCE}.${fully-qualified-domain}"

------------


My kerberos integration has beend done. net join, net testjoin, kinit 
does work.

My problem at the moment is the kadmin command for add and export the 
upn. I get always the following errors.


----
 kadmin -k
Authenticating as principal host/wg-centos-fds1.xxx.xxx@XXX.XXX with 
default keytab.
kadmin: Database error! Required KADM5 principal missing while 
initializing kadmin interface
----

My main question is it possible to use kadmin to add/modify/export 
upn/spn in a Active Directory?

Are there other linux tools to do that?

thanks for any help
best regards

seppel

On Sun, 2009-01-11 at 12:50 +0100, Seppel wrote:
> ----
> 
> My main question is it possible to use kadmin to add/modify/export 
> upn/spn in a Active Directory?
No.
> Are there other linux tools to do that?
I think 'net ads keytab' can help

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20090112/3f1bbd27/attachment.bin