My situation is as follows:
We have a large number of Linux users and thus our accounts are on a MIT Kerberos Server. We have a few Windows users whose accounts are in Windows AD. And we have a growing number of users who sometimes use both systems.
We want the Linux users to be able to log in to the Windows machines. As the number of Linux users is very large, migrating the accounts to AD is not an option.
So I went ahead and created a test user/principal which exists on both sides. I also created a (two-way) trust between AD and the MIT realm and tested it successfully from the Linux side. I then used ksetup to set up the Windows machines to recognize the foreign realm:

```
ksetup
default realm = ad.domain (NT Domain)
LINUX.REALM:
    kdc = kdc.linux.realm
    kpasswd = kdc.linux.realm
    Realm Flags = 0x0No Realm Flags
Mapping all users (*) to a local account by the same name (*).
```
The check returns:

```
nltest /TRUSTED_DOMAINS
List of domain trusts:
    0: LINUX.REALM (MIT) (Direct Outbound) (Direct Inbound) ( Attr: non-trans )
    1: AD ad.domain (NT 5) (Forest Tree Root) (Primary Domain) (Native)
The command completed successfully
```
But I cannot log in as test@LINUX.REALM into the Linux clients, nor get tickets from the Windows side. Linux Kerberos logs show no TGT request.
I have also set the altSecurityIdentities for user ad\test as `kerberos: test@LINUX.REALM`.
What am I missing?
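The following PowerShell script is an added diagnostic, not part of the original question. It re-runs the Windows-side checks the post describes and adds the two things the post does not show: whether the AD shadow account's altSecurityIdentities value matches the documented `Kerberos:principal@REALM` form (no space after the colon; the script assumes that form), and whether the client can actually reach the MIT KDC on port 88, which is the first thing to rule out when the MIT logs show no AS-REQ at all. Realm, host and user names are taken from the question; the Get-ADUser step assumes the ActiveDirectory RSAT module is installed.

```powershell
# Added diagnostic (not from the original post). Assumes the names used in
# the question: MIT realm LINUX.REALM with KDC kdc.linux.realm, AD domain
# ad.domain, and a shadow account "test" in AD mapped to test@LINUX.REALM.
# Run in an elevated PowerShell session on a domain-joined Windows client.

$MitRealm = 'LINUX.REALM'
$MitKdc   = 'kdc.linux.realm'
$AdUser   = 'test'
$MitUpn   = "test@$MitRealm"

Write-Host "== ksetup state: foreign realm entries on this client =="
ksetup /dumpstate

Write-Host "`n== Trust as seen by Netlogon =="
nltest /trusted_domains

Write-Host "`n== altSecurityIdentities on the AD shadow account =="
Import-Module ActiveDirectory
$acct = Get-ADUser -Identity $AdUser -Properties altSecurityIdentities
# Assumption: the mapping must use the exact "Kerberos:<principal>" form.
$expected = "Kerberos:$MitUpn"
if ($acct.altSecurityIdentities -contains $expected) {
    Write-Host "OK: altSecurityIdentities contains '$expected'"
} else {
    $found = $acct.altSecurityIdentities -join ', '
    Write-Warning "altSecurityIdentities lacks '$expected' (found: '$found')"
}

Write-Host "`n== Can this client reach the MIT KDC? =="
# If the MIT KDC logs show no TGT request, check the network path before
# anything else: port 88/TCP must be open from the client to kdc.linux.realm.
$net = Test-NetConnection -ComputerName $MitKdc -Port 88
if ($net.TcpTestSucceeded) {
    Write-Host "OK: $MitKdc reachable on 88/TCP"
} else {
    Write-Warning "$MitKdc NOT reachable on 88/TCP; the client cannot send an AS-REQ"
}

Write-Host "`n== Cross-realm referral from the AD side =="
# Run as an AD user: asks the AD KDC for the inter-realm TGT to LINUX.REALM.
# A failure here points at the trust/ksetup configuration, independent of
# any name mapping on the Windows account.
klist get "krbtgt/$MitRealm"
```

Read the results top to bottom: if `ksetup /dumpstate` does not list the realm with its KDC, the client will never contact kdc.linux.realm; if the port test fails, the absence of AS-REQs in the MIT logs is a network problem rather than a Kerberos one; and if the altSecurityIdentities check warns, compare the stored value character by character with the expected `Kerberos:` form.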