[27053] in resnet
Windows 7 Lab Computers and Kerberos
daemon@ATHENA.MIT.EDU (Paul Morrison)
Tue Nov 22 12:28:34 2011
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_2D88F551AD109B41A7871DA7A1C40B58CFBC56arborexmbx1UTORAR_"
MIME-Version: 1.0
Message-ID: <2D88F551AD109B41A7871DA7A1C40B58CFBC56@arborexmbx1.UTORARBOR.UTORAD.Utoronto.ca>
Date: Tue, 22 Nov 2011 17:23:50 +0000
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Paul Morrison <paul.morrison@UTORONTO.CA>
To: RESNET-L@listserv.nd.edu
--_000_2D88F551AD109B41A7871DA7A1C40B58CFBC56arborexmbx1UTORAR_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Has anyone had success doing authentication to an external Kerberos realm i=
n windows 7 AND successfully mapping *@REALMNAME.BLAH to a single AD accoun=
t with a mandatory profile (ie for lab computers)?
We are a windows AD shop but the campus wide AD is Kerberos based - what we=
need is for anyone with a valid id to be able to log into a workstation a=
nd be logged in as a single local user (individual accounts are not require=
d)
I realize that some might use pgina to connect to a Kerberos server or to a=
ssh/Kerberos or radius/Kerberos bridge, but I'd rather not go that route i=
f possible.
Paul Morrison
Computing Services Coordinator
University College - University of Toronto
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_2D88F551AD109B41A7871DA7A1C40B58CFBC56arborexmbx1UTORAR_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-CA" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">Has anyone had success doing authentication to an ex=
ternal Kerberos realm in windows 7 AND successfully mapping *@REALMNAME.BLA=
H to a single AD account with a mandatory profile (ie for lab computers)?<o=
:p></o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">We are a windows AD shop but the campus wide AD is K=
erberos based – what we need is for anyone with a valid id to b=
e able to log into a workstation and be logged in as a single local user (i=
ndividual accounts are not required)<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">I realize that some might use pgina to connect to a =
Kerberos server or to a ssh/Kerberos or radius/Kerberos bridge, but I’=
;d rather not go that route if possible.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<p class=3D"MsoNormal">Paul Morrison<o:p></o:p></p>
<p class=3D"MsoNormal">Computing Services Coordinator<o:p></o:p></p>
<p class=3D"MsoNormal">University College – University of Toronto<o:p=
></o:p></p>
</div>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_2D88F551AD109B41A7871DA7A1C40B58CFBC56arborexmbx1UTORAR_--
