I had few questions on Kerberos setup.
I tested IWA NTLM successfully. But we wanted to configure Kerberos also.
AD DC: Windows 2008 R2
Policy server: R12.5 on Linux 6.3
IIS web server: windows 2008 R2, IIS7.5 with r12.5 agent.
1. Windows web server service account creation is fine. And also we are able to login with this account into DC and also into windows server which is hosting IIS.
2. Policy server service account. We can login to DC with this account. But not to policy server host.
I assume this is fine. In one of the CA document, it was mentioned that synch the password of this account with linux account used to login to PS host for install etc.
Is this required?
CA document snippet:
A. Create a user, for example, sol8psuser, with the same password used for creating a service account for the Policy Server host (sol8ps) in Active Directory.
B. Add the host to the test.com domain and login to host with user sol8psuser.
3. Also merging keytab files containing the host principal and service principal names for the Policy Server host is required if PS is in Lnux?
4. Any difference in generating keytab if policy server in windows or unix?
Thanks and Regards,