[ Team LiB ] |
Recipe 2.18 Creating a Trust to a Kerberos Realm2.18.1 ProblemYou want to create a trust to a Kerberos realm. 2.18.2 Solution2.18.2.1 Using a graphical user interface
2.18.2.2 Using a command-line interface> netdom trust <ADDomainDNSName> /Domain:<KerberosRealmDNSName>[RETURN] /Realm /ADD /PasswordT:<TrustPassword>[RETURN] [/UserO:<ADDomainAdminUser> /PasswordO:*] The <TrustPassword> has to match what was set on the Kerberos side. To create a realm trust from the rallencorp.com domain to the Kerberos realm called kerb.rallencorp.com, use the following command: > netdom trust rallencorp.com /Domain:kerb.rallencorp.com[RETURN] /Realm /ADD /PasswordT:MyKerbRealmPassword[RETURN] /UserO:administrator@rallencorp.com /PasswordO:* 2.18.3 DiscussionYou can create a Kerberos realm trust between an Active Directory domain and a non-Windows Kerberos v5 realm. A realm trust can be used to allow clients from the non-Windows Kerberos realm to access resources in Active Directory, and vice versa. See Recipe 18.7 for more information on MIT Kerberos interoperability with Active Directory. 2.18.4 See AlsoMS KB 260123 (Information on the Transitivity of a Kerberos Realm Trust) and MS KB 266080 (Answers to Frequently Asked Kerberos Questions) |
[ Team LiB ] |