September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
2.18. Creating a Trust to a Kerberos Realm
Problem
You want to create a trust to a Kerberos realm.
Solution
Using a graphical user interface
Open the Active Directory Domains and Trusts snap-in.
In the left pane, right-click the domain you want to add a trust for and select Properties.
Click on the Trusts tab.
Click the New Trust button.
After the New Trust Wizard opens, click Next.
Type the name of the Kerberos realm.
Select the radio button beside Realm Trust and click Next.
Select either Transitive or Nontransitive and click Next.
Select Two-way, One-way incoming, or One-way outgoing and click Next.
Enter and retype the trust password and click Next.
Click Next and click Finish.
Using a command-line interface
> netdom trust <ADDomainDNSName> /Domain:<KerberosRealmDNSName>[RETURN] /Realm /ADD /PasswordT:<TrustPassword>[RETURN] [/UserO:<ADDomainAdminUser> /PasswordO:*]
The <TrustPassword>
has to match what was set on the Kerberos
side. To create a realm trust from the rallencorp.com domain to the Kerberos realm
called kerb.rallencorp.com, use
the following command:
> netdom trust rallencorp.com /Domain:kerb.rallencorp.com[RETURN] /Realm /ADD /PasswordT:MyKerbRealmPassword[RETURN] /UserO:administrator@rallencorp.com /PasswordO:*
Discussion
You can create a Kerberos realm trust between an Active Directory domain and a non-Windows Kerberos v5 realm. A realm trust can be used to allow clients from the non-Windows Kerberos realm to access resources in Active Directory, and vice versa. See Recipe 18.7 ...