Howto: join a Windows XP box to the MIT Kerberos realm

Note: Windows here uses the Kerberos KDC only to authenticate users (check passwords); authorization information is not used. So the users have to exist on the Windows box, or the authorization information has to get there by some other means.

@windows xp:
- add a user tester3
- change the hostname to qemuwixp
- configure the box to use our dns-server for resolving (wixp will look up kerberos-stuff)
- use explorer to extract file ksetup.exe from cabinet-file SUPPORT/TOOLS/SUPPORT from a win-install-cd
- start commandline and execute:
$ ksetup /setrealm FLUXCOIL.NET                  # configure to use our realm
$ ksetup /addkdc FLUXCOIL.NET sid64.fluxcoil.net # or leave out the KDC hint here to rely on DNS lookups
$ ksetup /setcomputerpassword test123            # set the host principal's password - choose your own password
$ ksetup /mapuser * *                            # or map a single principal: chorn@FLUXCOIL.NET administrator
- reboot windows-box

@kerberos kdc:
kadmin.local:  ank host/qemuwixp.fluxcoil.net@FLUXCOIL.NET
WARNING: no policy specified for host/qemuwixp.fluxcoil.net@FLUXCOIL.NET; defaulting to no policy
Enter password for principal "host/qemuwixp.fluxcoil.net@FLUXCOIL.NET": test123
Re-enter password for principal "host/qemuwixp.fluxcoil.net@FLUXCOIL.NET": test123
Principal "host/qemuwixp.fluxcoil.net@FLUXCOIL.NET" created.
kadmin.local:  ank tester3
WARNING: no policy specified for tester3@FLUXCOIL.NET; defaulting to no policy
Enter password for principal "tester3@FLUXCOIL.NET": passwort
Re-enter password for principal "tester3@FLUXCOIL.NET": passwort
Principal "tester3@FLUXCOIL.NET" created.

@windows xp after reboot:
Log in with 'enhanced options', select the Kerberos realm, user tester3, and the password
you chose above.
The problem: the password is checked properly, but an account with that username has to exist
on the machine. Groups and so on are not used.
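
The password given to `ksetup /setcomputerpassword` and the one typed at the `ank host/...` prompts are the same shared secret, so it should be random rather than a test value. The following is an added example, not part of the original page: a POSIX shell helper that derives the host principal name and generates such a secret. The function names are hypothetical; hostname, domain and realm are the values used on this page.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# valid_shortname NAME: Windows computer names are at most 15 characters,
# letters/digits/hyphen, and must not start or end with a hyphen.
valid_shortname() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*|-*|*-) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# host_principal SHORTNAME DNSDOMAIN REALM
# -> host/<lower-case fqdn>@<UPPER-CASE REALM>, the form used with "ank" above.
host_principal() {
    fqdn=$(printf '%s.%s' "$1" "$2" | tr '[:upper:]' '[:lower:]')
    realm=$(printf '%s' "$3" | tr '[:lower:]' '[:upper:]')
    printf 'host/%s@%s\n' "$fqdn" "$realm"
}

# gen_secret NBYTES: NBYTES random bytes as hex (2*NBYTES characters).
# Hex avoids characters that cmd.exe or the shell would interpret.
gen_secret() {
    od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
    echo
}

# Values from this page.
SHORT=qemuwixp
DOMAIN=fluxcoil.net
REALM=FLUXCOIL.NET

if valid_shortname "$SHORT"; then
    echo "On the KDC:   kadmin.local:  ank $(host_principal "$SHORT" "$DOMAIN" "$REALM")"
    # Type the secret at the kadmin password prompts instead of passing it
    # as an argument, so it does not end up in the process list or history.
    echo "Secret:       $(gen_secret 16)"
    echo "On Windows:   ksetup /setcomputerpassword <secret>"
else
    echo "invalid computer name: $SHORT" >&2
fi
```
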

###############
# testing samba3 (have only seen it as client in AD-domain yet):
#tar xzf samba-3.0.23c.tar.gz
#cd samba-3.0.23c/source
#CPPFLAGS="-I/opt/soft_openldap-2.3.27/include" LDFLAGS="-L/opt/soft_openldap-2.3.27/lib" \
#  ./configure --prefix=/opt/soft_samba-3.0.23c --with-ldap --with-ads \
#  --with-krb5=/opt/soft_krb5-1.5.1/
#make && make install
software/kerberos/crossrealm/6_join_winxp2realm.txt · Last modified: 2022/11/13 12:06 by 127.0.0.1