July 2006 - Posts

• How to establish two-way trust relationship between MIT V5 Kerberos Realm and Active Directory using RC4 encryption

  With the introduction of Windows 2003 SP1 it is now possible to use RC4 encryption for Kerberos exchanges between MIT V5 Realms and Active Directory as opposed, now considered to be week, DES protocol. Despite the fact that there a several good resource on the web that provide sufficient information on how to in principal establish trust between AD and MIT V5 Kerberos Realm, most of them were written prior to Windows 2003 SP1 and do not provide information on how to utilize RC4. This walk-through attempts to bridge this gap and provide some specifics as to how to configure the trust to use RC4 encryption. Read More... Posted Tuesday, July 18, 2006 3:59 PM by alextch | 1 Comments Filed under: AD Interop

• How to interpret encryption types definitions in krb5kdc.log on UNIX KDC, during configuration of trust relationship between MIT V5 Realm and Active Directory

  If you ever tried to configure a trust relationship between MIT V5 Realm and AD, I am sure you probably ran into some initial configuration issues and had to look into the krb5kdc.log file to figure out what the issue was. Basically a very typical issue to run into is the fact that AD and MIT Realm could not agree on mutual encryption types and krb5kdc is a good place to find out about this. Read More... Posted Tuesday, July 18, 2006 12:06 PM by alextch | 1 Comments Filed under: AD Interop

• Very practical example of using MapAttributesForJoin Method

  This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm I finally found a very good practical example of demonstrating Read More... Posted Friday, July 14, 2006 12:53 PM by alextch | 0 Comments Filed under: MIIS