Next: Encryption types, Previous: Inter-Realm keys (trust) between Windows and a Heimdal KDC, Up: Windows compatibility [Contents]
Start the Active Directory Users and Computers
tool. Select the
View menu, that is in the left corner just below the real menu (or press
Alt-V), and select Advanced Features. Right click on the user that you
are going to do a name mapping for and choose Name mapping.
Click on the Kerberos Names tab and add a new principal from the non-Windows domain.
This adds ‘authorizationNames’ entry to the users LDAP entry to the Active Directory LDAP catalog. When you create users by script you can add this entry instead.