(heimdal.info.gz) Configuring Windows 2000 to use a Heimdal KDC
Info Catalog
(heimdal.info.gz) Windows 2000 compatability
(heimdal.info.gz) Windows 2000 compatability
(heimdal.info.gz) Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC
8.1 Configuring Windows 2000 to use a Heimdal KDC
=================================================
You need the command line program called `ksetup.exe' which is available
in the file `SUPPORT/TOOLS/SUPPORT.CAB' on the Windows 2000 Professional
CD-ROM. This program is used to configure the Kerberos settings on a
Workstation.
`Ksetup' store the domain information under the registry key:
`HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\Kerberos\Domains'.
Use the `kadmin' program in Heimdal to create a host principal in the
Kerberos realm.
unix% kadmin
kadmin> ank --password=password host/datan.example.com
The name `datan.example.com' should be replaced with DNS name of the
workstation.
You must configure the workstation as a member of a workgroup, as
opposed to a member in an NT domain, and specify the KDC server of the
realm as follows:
C:> ksetup /setdomain EXAMPLE.COM
C:> ksetup /addkdc EXAMPLE.COM kdc.example.com
Set the machine password, i.e. create the local keytab:
C:> ksetup /SetComputerPassword password
The password used in `ksetup /setmachpassword' must be the same as the
password used in the `kadmin ank' command.
The workstation must now be rebooted.
A mapping between local NT users and Kerberos principals must be
specified. You have two choices. First:
C:> ksetup /mapuser user@MY.REALM nt_user
This will map a user to a specific principal; this allows you to have
other usernames in the realm than in your NT user database. (Don't ask
me why on earth you would want that....)
You can also say:
C:> ksetup /mapuser * *
The Windows machine will now map any user to the corresponding
principal, for example `nisse' to the principal `nisse@MY.REALM'.
(This is most likely what you want.)
Info Catalog
(heimdal.info.gz) Windows 2000 compatability
(heimdal.info.gz) Windows 2000 compatability
(heimdal.info.gz) Inter-Realm keys (trust) between Windows 2000 and a Heimdal KDC
automatically generated byinfo2html