I’ve been working on creating an LDAP/Kerberos lab for a while now. The idea is that once I get it all working, I can start trying out how to make it play nicely with Active Directory.

These articles have gotten me started:

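The following command can be used to bind to Active Directory and search:

    ldapsearch -b 'dc=domain,dc=com' -D 'domain\user' -W -x

The -x option selects simple authentication instead of SASL, so the password entered at the -W prompt crosses the network in cleartext unless the connection is protected with LDAPS or StartTLS.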

These tools are helpful in troubleshooting Kerberos:

- kinit: Request a ticket from the KDC
- klist: List the tickets that you have been issued
- klist -k: List the SPNs that are configured in your keytab file

Command for creating a keytab:

    ktpass /princ host/servername@domain.com /mapuser servername@domain.com /pass Pa$$Word123456 /out c:\krb5.keytab /crypto all /ptype KRB5_NT_PRINCIPAL

Command for creating a mod_auth_kerb keytab:

    ktpass /princ HTTP/servername@domain.com /mapuser servername@domain.com /pass Pa$$Word123456 /out c:\mod_auth_kerb.keytab /crypto all /ptype KRB5_NT_PRINCIPAL
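To check what a keytab made with /crypto all actually contains, the following added example (not from the original post) reads the MIT keytab file format, version 0x0502, and lists each principal with its key version and encryption type, flagging DES and RC4 keys. The function names and the sample keytab are constructed for illustration; the sample reuses the HTTP/servername@domain.com placeholder with dummy all-zero keys.

```python
import io
import struct

ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK = {1, 3, 23}                        # DES and RC4 keys

def _parse_entry(rec):
    buf = io.BytesIO(rec)
    def take(fmt):                       # read one big-endian field and advance
        return struct.unpack(fmt, buf.read(struct.calcsize(fmt)))[0]
    def counted():                       # uint16 length, then that many bytes
        return take(">%ds" % take(">H"))
    ncomp = take(">H")                   # component count excludes the realm
    realm = counted().decode()
    name = "/".join(counted().decode() for _ in range(ncomp))
    take(">II")                          # name type and timestamp, unused here
    kvno, etype = take(">B"), take(">H")
    counted()                            # key bytes: skipped, never printed
    if len(rec) - buf.tell() >= 4:       # optional 32-bit kvno wins when nonzero
        kvno = take(">I") or kvno
    return {"principal": f"{name}@{realm}", "kvno": kvno,
            "enctype": ENCTYPES.get(etype, f"etype-{etype}"), "weak": etype in WEAK}

def parse_keytab(data):
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:                     # negative size marks a deleted slot
            entries.append(_parse_entry(data[pos:pos + size]))
        pos += abs(size)
    return entries

def sample_keytab():                     # constructed data with dummy all-zero keys
    def cs(b): return struct.pack(">H", len(b)) + b
    out = b"\x05\x02"
    for etype, keylen in ((23, 16), (18, 32)):
        body = (struct.pack(">H", 2) + cs(b"domain.com") + cs(b"HTTP")
                + cs(b"servername") + struct.pack(">IIB", 1, 0, 3)
                + struct.pack(">H", etype) + cs(bytes(keylen)) + struct.pack(">I", 3))
        out += struct.pack(">i", len(body)) + body
    return out

if __name__ == "__main__":
    for e in parse_keytab(sample_keytab()):
        print(e["kvno"], e["principal"], e["enctype"], "WEAK" if e["weak"] else "ok")
```

For a real file, pass its bytes to parse_keytab, for example open(path, "rb").read(); entries flagged weak are candidates for regenerating the keytab with AES-only keys.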