How to remotely generate Windows AD Kerberos keytab from a Unix machine?
Solution 1:
If you’re running a Linux system, or any SAMBA compatible system, you can use the net application to join the domain and remotely generate the keytab for you, and since you’re working in a “Kerberized” environment I would use Kerberos for all the authentication.
First of all, request a Kerberos ticket from the Windows KDC with any privileged account:
kinit Administrator
You can check if the ticket was successfully generated with klist and, after the ticket creation, just join the domain using the net application:
net ads join createupn=host/[email protected] -k
When the procedure is complete, just ask the KDC to create a keytab:
net ads keytab create -k
You can finally check the keytab creation with the klist -ke command if you’re using the MIT Kerberos version.
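The klist -ke check at the end of the answer above can be turned into an audit of the encryption types that landed in the keytab. This is an added example, not part of the original answer; the function name, the sample listing and the /etc/krb5.keytab path are assumptions, and the listing is constructed in the MIT klist output format.

```shell
#!/usr/bin/env bash
# Added example: audit what `klist -ke` reports for a freshly created keytab.
# Real use (keytab path is an assumption):
#   klist -ke /etc/krb5.keytab | audit_keytab_listing

# Reads `klist -ke` output on stdin and prints one line per keytab entry:
#   <STATUS> <kvno> <principal> <enctype>
# Exit status is 1 if any entry uses a DES, 3DES or RC4 family enctype.
audit_keytab_listing() {
    awk '
        # Entry lines look like: "   2 host/name@REALM (enctype)"
        $1 ~ /^[0-9]+$/ && NF >= 3 && $NF ~ /\)$/ {
            # The enctype is everything between the first "(" and the final ")".
            enc = substr($0, index($0, "(") + 1)
            sub(/\)[ \t]*$/, "", enc)
            low = tolower(enc)
            status = "OK"
            # Newer MIT releases prefix deprecated enctypes with "DEPRECATED:".
            if (low ~ /^deprecated:/ || low ~ /arcfour|rc4/ || low ~ /(^|[^a-z0-9])des/) {
                status = "WEAK"
                weak++
            }
            printf "%s %s %s %s\n", status, $1, $2, enc
        }
        END { exit (weak > 0) }
    '
}

# Constructed sample listing (hypothetical host and realm), not captured output.
SAMPLE_LISTING=$(cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/unixbox.example.test@EXAMPLE.TEST (aes256-cts-hmac-sha1-96)
   2 host/unixbox.example.test@EXAMPLE.TEST (aes128-cts-hmac-sha1-96)
   2 host/unixbox.example.test@EXAMPLE.TEST (DEPRECATED:arcfour-hmac)
   2 host/unixbox.example.test@EXAMPLE.TEST (des-cbc-crc)
EOF
)

printf '%s\n' "$SAMPLE_LISTING" | audit_keytab_listing \
    || echo "keytab contains weak encryption types" >&2
```

Entries flagged WEAK are the ones to remove from the keytab or disable on the computer account so that only AES keys remain usable.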