Wednesday, July 29, 2015

Creating a Keytab for UNIX Machine Access in Active Directory

For UNIX servers to gain access to AD, to be represented by an active object in AD, to have SPNs registered for them, and to work with Kerberos authentication transparently, they need a keytab. The keytab is generated by the Ktpass tool (a native Windows tool).
Below is an example command to generate the keytab (remember that the computer object must already exist in AD):
ktpass /princ host/COMPUTER.domain.test@DOMAIN.TEST /out NomeDoArquivo_host.keytab /crypto All /ptype KRB5_NT_PRINCIPAL -desonly /mapuser DOMAIN\COMPUTER$ +rndPass
Replace:
COMPUTER = Computer Name
DOMAIN.TEST = Domain Name
DOMAIN = NetBIOS Domain Name
Note: agree with the UNIX team beforehand on whether the computer and domain names used in the command will be entered in lowercase or uppercase letters.
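
To check what a keytab generated by the command above contains (principal spelling and case, key version, encryption types), the following added example, which is not part of the original post, parses the file and flags DES and RC4 entries. It assumes the MIT keytab format version 0x0502; `parse_keytab` and `build_entry` are hypothetical helper names, and the sample bytes are constructed with dummy keys.

```python
import struct

# Kerberos enctype numbers; DES and RC4 are the ones flagged as weak.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK = {1, 3, 23}

def parse_keytab(data):
    """Return [(principal, kvno, enctype, is_weak)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)
        if size <= 0:                      # negative size marks a deleted slot
            continue
        rec, off = data[start:pos], 2      # offset 0-1 is the component count
        def counted():                     # uint16 length, then that many bytes
            nonlocal off
            (n,) = struct.unpack_from(">H", rec, off)
            off += 2 + n
            return rec[off - n:off]
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm = counted().decode()
        name = "/".join(counted().decode() for _ in range(ncomp))
        kvno, etype = struct.unpack_from(">BH", rec, off + 8)  # skip name type, timestamp
        off += 11
        counted()                          # key bytes: skipped, never printed
        if len(rec) - off >= 4:            # optional 32-bit kvno overrides 8-bit
            (kvno,) = struct.unpack_from(">I", rec, off)
        entries.append((f"{name}@{realm}", kvno,
                        ENCTYPES.get(etype, f"etype-{etype}"), etype in WEAK))
    return entries

def build_entry(realm, comps, kvno, etype, key):  # sample construction only
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(s(c) for c in comps)
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + s(key)
    return struct.pack(">i", len(body)) + body

# Constructed sample: all-zero dummy keys; names are the post's placeholders.
SAMPLE = b"\x05\x02" + b"".join(
    build_entry(b"DOMAIN.TEST", [b"host", b"COMPUTER.domain.test"], 3, e, bytes(n))
    for e, n in [(1, 8), (23, 16), (18, 32)])

if __name__ == "__main__":
    for princ, kvno, etype, weak in parse_keytab(SAMPLE):
        print(f"{kvno:>3} {etype:<24} {princ}{'  <-- weak' if weak else ''}")
```

The principal string it reports is the one the UNIX host has to match exactly, including letter case.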
