f



Enabling a Unix OS in dual boot config with a Windows OS to maintain a valid keytab in Active Directory without invalidating the Windows OS's domain trust relationship

Dear List,

This information is aimed at sites for which all of the following apply:
 - Sites that are using Active Directory as a Kerberos KDC
 - Sites that have dual-boot configured machines running both a Linux and W=
indows based OS with the same hostname
 - Sites that want to have a working Kerberos keytab on the Linux OS, but w=
ithout invalidating the trust relationship between the Windows OS and Activ=
e Directory.

This problem may be old news or may not apply, but it can be solved with a =
few steps:

Problem/Background: If a keytab is constructed for the Linux OS (using mskt=
util, ktpass etc), the password of the corresponding computer account is re=
set in Active Directory in order for client and domain controller(s) to hav=
e matching keys. This invalidates the Windows OS's password, which no longe=
r matches the one stored in Active Directory. This results in the following=
 error when attempting to logon to the domain from the Windows OS:

'The trust relationship between this workstation and the primary domain fai=
led'

A Solution: Configure the Windows OS to use a password which matches that u=
sed by the Linux OS (I used the NetJoinDomain function to do this). There i=
s an increased security risk, in that the Windows OS can no longer periodic=
ally update the key, but developing a custom key renewal system which does =
not invalidate either OS's key might be an option.

Steps:
 1. Login as the local Administrator on the Windows OS
 2. Disable the Windows OS's ability to reset the machine password (the ins=
tructions apply to Windows7 too): http://support.microsoft.com/kb/154501
 3. Reset the computer account's password and create the key (ktpass and ms=
ktutil have been tested but msktutil must be changed to return the random p=
assword generated)
 4. Logon as local Administrator on the Windows OS and use the NetJoinDomai=
n (http://msdn.microsoft.com/en-us/library/aa370433%28v=3Dvs.85%29.aspx) fu=
nction and the password used in the previous step to restore the trust rela=
tionship. See function usage below:

NetJoinDomain(null, <domain>, null, null, <machine_password>, (NETSETUP_JOI=
N_DOMAIN | NETSETUP_JOIN_UNSECURE | NETSETUP_MACHINE_PWD_PASSED | NETSETUP_=
DOMAIN_JOIN_IF_JOINED))

If this is interesting but you need any further information, feel free to g=
et in contact.

Regards,

John
0
1/8/2011 11:51:22 AM
comp.protocols.kerberos 5541 articles. 1 followers. jwinius (31) is leader. Post Follow

0 Replies
1571 Views

Similar Articles

[PageSpeed] 14

Reply:

Similar Artilces:

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS') other OS') other OS') other OS') other OS') other OS') other OS') other OS') other
> -----Original Message----- > From: JF Mezei [mailto:jfmezei.spamnot@teksavvy.com]=20 > Sent: October 11, 2004 11:45 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') other OS')=20 > other OS') other OS') other OS') other OS') other OS') other=20 > OS') other OS') other OS') other OS') other OS') other OS') other=20 >=20 > "Main, Kerry" wrote: > > Course, there are many ways to offer differen...

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS') other OS') other OS') other OS') other OS') other OS') other OS')
> -----Original Message----- > From: Soterro [mailto:soterroatyahoocom@address.hp.com]=20 > Sent: October 11, 2004 9:43 AM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') other OS')=20 > other OS') other OS') other OS') other OS') other OS') >=20 > Main, Kerry wrote: > >>From: John Smith [mailto:a@nonymous.com]=20 > >>You aren't directly to blame for this and I know you'd like=20 > >>to keep your > >>job, but just how many times have you and your colleagues=20 > >>written carly(tm) > >>or curly or GQ Bob about this in the past? > >=20 > > Actually, I work with UNIX, Windows as well as OpenVMS.=20 > You're value to > > any corporation goes up exponentially if you know more than one OS.=20 >=20 > I think JS asked something else: is it so out of this world to think=20 > that the insiders could point their superiors to some things? >=20 > S > And you think perhaps that this does not happen? Course, there are many ways to offer different opinions within a large company, but keep in mind that every OS or platform within a company will always try and say it needs more $'s to promote/enhance itself.=20 Take a big company like IBM - what do you think an AIX field person's chances are of convincing their Mgmt to qui...

replicating OS 9's tabbed windows in OS X
I used to use OS 9's tabbed windows to keep frequently used folders open along the bottom of my screen. Can anyone recommend a program which can created tabbed folders in the dock or on the side of the screen in OS X? I've seen DragonDrop but it only works with 10.4 which I don't have. Thanks. In article <tho-300E10.10480819082007@news.giganews.com>, THO <tho@tho.tho.23.invalid> wrote: > I used to use OS 9's tabbed windows to keep frequently used folders open > along the bottom of my screen. Can anyone recommend a program which can > created tabbed ...

os.access(file, os.R_OK) on UNIX and WINDOWS
Hello, on UNIX I changed the permission of a file "myfile" with chmod 000 myfile. Then I got 0 from os.access(myfile, os.R_OK). This is ok. Then I checked the same file on WINDOWS (with samba): I got "True" from os.access(myfile, os.R_OK). I think it is not ok?! In my python script I check the return value of os.access(myfile, os.R_OK) and when it is "True" I copy the file with shutil.copy(myfile, newfile). But on WINDOWS I get the error: IOError: [Errno 13] Permission denied. How can I check the right file access with python on WINDOWS before copying the file...

RE: os.access(file, os.R_OK) on UNIX and WINDOWS
[kai=20rosenthal] |=20on=20UNIX=20I=20changed=20the=20permission=20of=20a=20file=20"myfile"=20= with=20chmod=20000 |=20myfile.=20Then=20I=20got=200=20from=20os.access(myfile,=20os.R_OK).=20= This=20is=20ok. |=20 |=20Then=20I=20checked=20the=20same=20file=20on=20WINDOWS=20(with=20samba)= : |=20I=20got=20"True"=20from=20os.access(myfile,=20os.R_OK).=20I=20think=20= it=20is=20not=20ok?! Ummm.=20This=20is=20a=20touch=20similar=20to=20a=20parallel=20thread=20abo= ut os.X_OK=20on=20Win32.=20At=20the=20risk=20of=20being=20grilled=20by=20bett= er-informed types,=20the=20fact=20is...

Running Windows Apps on mac os x without booting Windows XP: soon ! ( ?)
subject: Mac os x on intel machines:---> WINE on Mac os X ?? Since wine is unix/ linux, and runs windows apps, I suppose it will be possible to run windows apps on mac os x-intel, without the windows OS. Is there somebody aware of this / working on the project ?? (a port) Thanks, Marc -----PS---- Apple says: The blue & White is supported for OS X. �It is not true. � The rev A poses problems ... http://users.fulladsl.be/spb13810/apple/ Apple phished me into a lots of lost time, lost money and lost credentials... -- een appeltje te schillen met http://users.fulladsl.be/spb1...

Mac's OS X versus Window's XP, General Discussion
I would like to hear anyone's comments, opinions, "proof", etc. about the relative merits and drawbacks of the specific OSs that run on _modern_ Mac hardware and modern PC hardware. (any brand of PC hardware, as long as it is modern) If possible, I would prefer the discussion to be about two specific OSs, the Windows XP (home edition), and the Apple OS X, the current OS being 10.3.6 I probably have the wrong picture about the relative merits and drawbacks. Let me put it in words, then possibly some here could correct my assumptions, or even add new things I am not aware of. The assumption here is that the "latest and greatest" general consumer hardware is being used on both platforms. In all cases below OS X is being compared against XP, home edition. Merits of OS X - - - **************************************** 1) Stronger inherent security of the OS X itself against viruses. 2) Easier for a newbie to learn, assuming newbie stays away from OSX's command line. (Unix) 3) Better support for popular hardware drivers. 4) Fairly good support for Unix in the same OS X. 5) Better support for the "creative arts", i.e. desktop publishing, creating movies, creating advertising, etc. 6) OS has better stability against crashing. 7) Important OS configuration features tend to be better located in a central location, instead of being scattered all over. ***************************************** Merits of OS XP, home...

Better DOS than DOS, better Windows than Windows, better OS/2 than OS/2 :-)))
Hello, hereby I officially announce my entry into "eCS lusers" crowd :-) Installed 1.1 entry upgrade from Warp 4 on Saturday. Until now I was at Warp 4 FP15, and the days of fixed-patched-1996-oldtimer are gone. Although OS/2 base system in eCS 1.1 does not considerably differ from CP2, the value of added software (especially SDK 4.52) made my day. I got up-to-date OS/2 with SDK and other SW for cca 109 euro (thanks to my Warp 4). Just one notice about eCS: Should have happened earlier, in Warp 3 times. And just a drop of poison for you-know-who: I was able to run all my OS/2 sof...

Inconsistency between os.getgroups and os.system('groups') after os.setgroups()
Run this test program as root: import os print "before:", os.getgroups() os.system("groups") os.setgroups([]) print "after:", os.getgroups() os.system("groups") After the os.setgroups, os.getgroups says that the process is not in any gr= oups, just as you would expect. However the groups command run using os.sy= stem says that the process is in the root group. It appears that the new p= rocess started by os.system augments the group membership specified in the = os.setgroups command with the group of the actual user of the original proc= ess (which ...

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS')
> -----Original Message----- > From: JF Mezei [mailto:jfmezei.spamnot@teksavvy.com]=20 > Sent: October 10, 2004 2:45 AM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') >=20 [snip..] >=20 > These days, the CIO reads trade mags on the commuter train=20 > and sees people > moving to windows or Linux and decides that his company must=20 > be ahead of the > race and hurry to migrate to this week's trendy product. >=20 >=20 > ITS ALL ABOU...

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS') #2
> -----Original Message----- > From: John Smith [mailto:a@nonymous.com]=20 > Sent: October 10, 2004 6:18 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Re: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') >=20 [snip...] > How many 30'something CTO's even know what VMS is? How many=20 > of their system > architects or programmers? After the .crash era, there are likely very few CTO's left in their 30's. Those folks are more likely back in the trenches doing mid level mgmt jobs. Hey, I a...

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS') #3
> -----Original Message----- > From: Larry Kilgallen [mailto:Kilgallen@SpamCop.net]=20 > Sent: October 10, 2004 10:52 PM > To: Info-VAX@Mvb.Saic.Com > Subject: RE: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') >=20 > In article=20 > <FD827B33AB0D9C4E92EACEEFEE2BA2FB45D86D@tayexc19.americas.cpqc > orp.net>, "Main, Kerry" <kerry.main@hp.com> writes: >=20 > > for that matter. However, I know of two major Customers=20 > that wanted to > > convert OpenVMS applica...

RE: Obsucure Inquier article about Intel mentions VMS (and not any other OS') other OS') other OS') #4
> -----Original Message----- > From: Larry Kilgallen [mailto:Kilgallen@SpamCop.net]=20 > Sent: October 11, 2004 5:33 AM > To: Info-VAX@Mvb.Saic.Com > Subject: RE: Obsucure Inquier article about Intel mentions=20 > VMS (and not any other OS') other OS') other OS') >=20 > In article=20 > <FD827B33AB0D9C4E92EACEEFEE2BA2FB45D86E@tayexc19.americas.cpqc > orp.net>, "Main, Kerry" <kerry.main@hp.com> writes: > >=20 > >> -----Original Message----- > >> From: Larry Kilgallen [mailto:Kilgallen@SpamCop.net]=3D20 > ...

Cannot dual boot OS X / OS 9
I have Mac OS 10.2 (Jaguar) with Classic installed. I want to boot into OS 9 to setup some old hardware (sharing a USB printer over the network with older OS 9 machines, yes, I know it's futile). Anyway, I go to the Startup Disk pane of System Preferences, but the only startup disk that appears is the Mac OS X one. What gives? How do I get to the OS 9 system now? TIA, -- David McFarlane David McFarlane wrote: > > How do I get to the OS 9 system now? Check to see if your machine is dual-bootable. If not, then double-click your Classic app and OS X will start Classic mode, whi...

[News] Reasons to Embrace GNU/Linux at OS X's and Windows' Expense
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pros and Cons of the Major Operating Systems ,----[ Quote ] | Dean Walden is an avid internet user, watcher, | promoter, website builder and researcher. The | Ubuntu version of the Linux operating system is | easy to use if you can use Windows. `---- http://linux.bihlman.com/2010/02/15/pros-and-cons-of-the-major-operating-systems/ Should You Switch From Microsoft To Linux? ,----[ Quote ] | 4. Usability | | Another of the keys of your future success is | the fact than many issues are already resolved | due to the widespread use of deskto...

do 'os.path' include 'os' for us?
Hi, I wrote a python script to list files in a directory but somehow did it wrongly by importing os.path instead of os. To my astonishment, it works just as charm: #!/usr/bin/python import os.path for file in os.listdir('/root/'): print file I was wondering why? os.path doesn't contain listdir, why there is no complaint like 'os: unknown name'? Does this mean, instead of importing os, we can import os.path? Thanks. On Mar 27, 6:41=A0pm, Jerry Fleming <jerry.flem...@saybot.com> wrote: > Hi, > > I wrote a python script to list files in a directory but ...

Help: Multi OS won't boot some OS
Hi, Just bought a new AMD 64b PC with 2 SATA HDs and successfully installed on it several OS in the following order: a. Win XP (for the kids...) on sda1 2. SUSE 10 OSS_X64 on sdb8 3. Mandriva 2006_X64 on sdb1 (/), sdb5(/home), sdb6(/var) (Net installation) 4. Kubuntu 5.10 _X64 on sdb7 All Linux installs share the same swap. Initially, I could boot into all OSs. However, as I noticed that the Mandriva /home partition was ext3, rather than Rieser (my preference), while using SUSE, I did the following (probably foolish). a. Used partimage to backup Mandriva's /home partition (still empty except for default installation). b. Used YAST to edit above partition and modified its FS to Rieser. c. Restored the /home image using partimage. That's the stage I'm currently and I have the following troubles: 1. I can boot only into SUSE and Kubuntu. Trying to boot into XP just hangs a blank screen while trying to boot Mandriva issues a Kernel panic with the following message: ----------Message during Mandriva boot------------- VFS: Can not open root device "sdb1" or unknown-block(0,0) Please append a correct "root" boot option. Kernel panic.. -----------end of message------------------------------ 2. Naturally my Mandriva's /home got restored as ext3 (although I can live with that). Enclose please find copies of fdisk and /boot/grub/menu.lst of my Kubuntu (latest install, currently "in charge"). I have added c...

Worm virii and windows OS's
It is interesting to see many users and business paralyzed by the new wave of virii. Today one of my partners made the following comment: "it is not fun anymore to use computers, I have to spend more money and time to keep it running than using the old notebook and pencil". Seen how vulnerable MS OS's are and how much we depend on them to run not only business but even our national security I wonder how weak we have become depending on a poorly design OS. Sometime I think that "virii industry" can potentially destroy the giant MS. It is rewarding to u...

Amazon's top selling laptop doesn't run Windows or Mac OS, it runs Linux
By SJVN [quote] We all know now that Windows 8 sales have been.... disappointing. You can blame the hardware. You can blame Windows 8's mixed-up interfaces. You can blame the rise of tablets and smartphones. Whatever. The bottom line is Windows 8 PC and laptop sales have been slow. So, what, according to Amazon, in this winter of Windows 8 discontent has been the best selling laptop? It's Samsung's ARM-powered, Linux-based Chromebook. Shocked? Amazed? Why? The Chromebook has several things going for it. [/quote] Full article: http://www.zdnet.com/amazons-top-selling-laptop-doesnt-run-windows-or-mac-os-it-runs-linux-7000009433/ http://tinyurl.com/a78eyvc -- |_|0|_| Marti T. Van Lin, alias ML2MST |_|_|0| https://linuxcounter.net/user/513040.html |0|0|0| http://osg33x.blogspot.com Marti Van Lin wrote: >By SJVN > >[quote] > >We all know now that Windows 8 sales have been.... disappointing. You >can blame the hardware. You can blame Windows 8's mixed-up interfaces. >You can blame the rise of tablets and smartphones. Whatever. The bottom >line is Windows 8 PC and laptop sales have been slow. So, what, >according to Amazon, in this winter of Windows 8 discontent has been the >best selling laptop? It's Samsung's ARM-powered, Linux-based Chromebook. > >Shocked? Amazed? Why? The Chromebook has several things going for it. > >[/quote] > >Full article: > >h...

OS/2 is EVIL, it's the OS of SATAN ! ! !
OS/2 is EVIL, it's the work of the devil, made to collect your souls and to turn you into brainless slaves of hell. If you like OS/2, you will lose your soul to be damned for eternal torment in hell.Demons and devils will feast on your soul for all eternity. So stop using it now to save your soul. Or the holy inquisition will come for you and burn your flesh to save your soul, because the devil must not collect more souls or nobody can prevent Armageddon. OS/2 is evil, using it is BLASPHEMY , only heretics and witches like OS/2.And heretics and witches shall BURN ! OS/2 = OS of hell, ...

Amazon's top selling laptop doesn't run Windows or Mac OS, it runs Linux #2
http://goo.gl/xRymh <quote> We all know now that Windows 8 sales have been.... disappointing.You can blame the hardware. You can blame Windows 8's mixed-up interfaces. You can blame the rise of tablets and smartphones. Whatever. The bottom line is Windows 8 PC and laptop sales have been slow. So, what, according to Amazon, in this winter of Windows 8 discontent has been the best selling laptop? It's Samsung's ARM-powered, Linux-based Chromebook. </quote> -- Big Brother is watching ... so are we On 1/11/2013 3:24 AM, Robin T Cox wrote: > http://goo.gl/xRymh > > <quote> > We all know now that Windows 8 sales have been.... disappointing.You can > blame the hardware. You can blame Windows 8's mixed-up interfaces. You can > blame the rise of tablets and smartphones. Whatever. The bottom line is > Windows 8 PC and laptop sales have been slow. So, what, according to Amazon, > in this winter of Windows 8 discontent has been the best selling laptop? > It's Samsung's ARM-powered, Linux-based Chromebook. > </quote> "Microsoft Corp has sold 60 million licenses and upgrades for its new Windows 8 operating system in the 10 weeks since its launch..." The latest Windows 8 figure means Microsoft sold around 20 million Windows 8 licenses and upgrades since the end of November, when it announced 40 million sales in the first month on the market. That put...

Problems with dual booting OS X & Windows
I attempted to install Windows 7 on my Intel iMac with OS X 10.6.4. The process appeared to go smoothly but I'm left in a strange situation. When re-starting the computer it loads up Windows 7 without offering me the choice of Mac OS or Windows. Using my Leopard installation disks I was able to get in to Disk Utility and boot up the Mac partition from there. The Mac partition appears to be in perfect condition and everything seems to be there. No doubt from previous experiences I've gone wrong somewhere in the installation. So where did I go wrong? And can someone te...

Apple's OS X on Windows XP ;)
http://os-emulation.net/pearpc/web/ Take a Look ;) x2_[n+] wrote: > http://os-emulation.net/pearpc/web/ > Take a Look ;) > And this has what exactly to do with the Apple ][, other than that it emulates an Apple computer? Sorry, wrong group. Moll. In article <bbvIc.70008$MT5.12132@nwrdny01.gnilink.net>, Moll <Bettykate@dosius.com> wrote: > x2_[n+] wrote: >> http://os-emulation.net/pearpc/web/ >> Take a Look ;) > > And this has what exactly to do with the Apple ][, other than that it > emulates an Apple computer? Sor...

Speech Recog for non-Windows OS's
Any info re production-quality (or, close to) for non-Windows env's will be appreciated. Actually, getting the resulting text into a web browser form is the target. I expect that any solutions will be Java-based, and I've found a fair number of research kits, but not yet a production one. Have I missed some? Thanks, all. AS In article <1156094184.667894.99000@b28g2000cwb.googlegroups.com>, 3ashore@comcast.net wrote: > Any info re production-quality (or, close to) for non-Windows env's > will be appreciated. Actually, getting the resulting text into a web > b...

Web resources about - Enabling a Unix OS in dual boot config with a Windows OS to maintain a valid keytab in Active Directory without invalidating the Windows OS's domain trust relationship - comp.protocols.kerberos

Scoop: Bounty set for invalidating Lodsys patents
The group that's gone after a number of mobile app developers and big companies alike is now having its four patents targeted for invalidation ...

Will the Decision Invalidating DOMA Section 3 Be Overruled?
Yale law professor Jack Balkin makes a compelling case that at least part of the verdicts in the district court decision finding Section 3 of ...

Judge Rules In Favor Of FindTheBest By Invalidating 'Matchmaking' Patent
Earlier this year, FindTheBest was hit with patent litigation by Lumen View Technology LLC. Lumen View Technology is a shell company that files ...

Court modifies for invalidating patents
WASHINGTON - The Supreme Court on Monday scaled back a controversial legal test that has made it difficult to challenge patents on new products. ...

Canadian government begins invalidating passports of citizens who have left to join extremist groups
... may effectively be stranded there. Their passports are no longer valid and cannot be used to return to Canada The government has begun invalidating ...

Canadian government begins invalidating passports of citizens who have left to join extremist groups
Let this girl wear her ridiculous “Virginity Rocks” T-shirt Right wing vultures start to circle #GamerGate Another week, another atheist demands ...

US Appeals Court Ruling Invalidating NSA Surveillance
WASHINGTON - The US government said Friday it is appealing a judge's ruling that the National Security Agency's bulk collection of phone records ...

Apple faces uphill challenge invalidating HTC LTE patents
... by Samsung that the South Korean company would aggressively challenge any 4G Apple devices . [ via CNET] Apple faces uphill challenge invalidating ...

EFF busts infamous podcasting patent, invalidating key claims used to threaten podcasters
Rebecca Jeschke / Electronic Frontier Foundation : EFF busts infamous podcasting patent, invalidating key claims used to threaten podcasters ...

GOP Rep. backs birther investigation in hopes of invalidating laws under Obama
Freshman Rep. Ted Yoho (R-Fla.) said during a town hall meeting that while questions about President Obama's birth certificate were not the best ...

Resources last updated: 3/10/2016 1:34:43 PM