[Freeipa-users] IPA + AD authentication in apache
KodaK
sakodak at gmail.com
Fri Jul 19 20:54:52 UTC 2013
On Fri, Jul 19, 2013 at 9:55 AM, natxo asenjo <natxo.asenjo at gmail.com> wrote:
> On 07/19/2013 04:09 PM, Sigbjorn Lie wrote:
>>
>>
>> Retreive a keytab from AD:
>>
>>> ktpass -princ HTTP/webserver.ipa.domain at WINDOWS.DOMAIN +rndpass /mapuser
>>> WINDOMAIN\webserver$
>>
>> -crypto all -ptype KRB5_NT_PRINCIPAL -out webserver.keytab
>>
>> The Windows admin will choose if they want to use a Computer Account or a
>> User Account to bind the
>> keytab to.
>> Copy this keytab into /etc/httpd/HTTP.keytab-AD
>
>
> just filling in (just in case this was not clear): ktpass.exe is a
> windows tool you run in the domain controller (or in a workstation with
> the admins tool installed).
Thanks, everyone.
I'm still waiting for a Windows admin to help me out with this.
Unfortunately I'm not a domain admin, so I can't do this myself. :/
--Jason
More information about the Freeipa-users
mailing list