HOWTO: Server 2003 as Slave KDC

Can someone point me to a cookbook document for setting up a server 2003 machine as a slave KDC? All I can find is documentation for making it a master. TIA.

 

What sort of problems are you having? Propagation down to the 2003 box?

Any good clues in the log files?

Any ideas Here that might help? Not 2003 stuff but ....

 

Thanks for the reply. The main problem I am having is I don't know where to even start. Like where is the KDC database and where are the krb5 tools? I am guessing, based on the documentation, that I have to access it through the server admin tools but I can only find where to set the policy not where to initialize the KDC, add principals, etc.

Oh, in case you haven't guessed, I'm a Unix admin more then Windows so if you can talk in Unix equivalents it would be a big help.

 

After lots of searching I found where they hide the kerberos commands on the CD and installed them. Now I need to know how to create a slave KDC. Since this server is a domain controller it won't let me change the realm. Did I set up the server wrong initially?

 

Take another look at the article in the link in my first response. The initial page is mostly to give you background but the first reply may just have the exact answer for you.

 

Sorry if I seem dense but I guess I am not following the right links. There was info on Unix (specifically Panther) but nothing on server 2003 as a slave KDC. All I coudl find was the same thing I have found everywhere else. Server 2003 as a master KDC and everything else in the world as slave which is just backwards from what I need.

 

It may be me who is dense. Kerberos is not an area I'm particularly familiar with.

But my understanding is that if you are running an AD with 2000 and/or 2003 servers, you have a similar situation with Kerberos that you do with Domain Controllers - they are more or less equals and share the load. I'm not sure the classic Master/Slave KDC model applies.

Every Windows 2000/2003 DC runs a KDC service and hosts a portion of the AD (the centralized authentication database).

 

There's the rub. The master KDC is a Unix server. I need to set up the 2003 machine to accept kprop updates from the master.