This article describes how to obtain the Kerberos Realm and DNS Names in Active Directory and Open Directory, respectively.
To obtain the Kerberos Realm and DNS Names in Active Directory, perform the following steps:
- Open Programs- > Administrative Tools- > Active Directory Management.
- Choose Active Directory Domains and Trusts.
- The Active Directory domain names are listed.
The Active Directory domain name is also the corresponding Kerberos realm name and DNS domain name. Pick the domain you want to join the mailserver to. Always use the Kerberos realm name in upper case letters and the DNS domain name in lower case letters.
The Kerberos realm name and DNS domain name will already be known if it was necessary to setup Open Directory for Kerberos .
If Open Directory is already running Kerberos, then use the following process:
- Open a terminal as an admin user
- Enter the following command:
sudo grep -A 2 domain_realm /Library/Preferences/edu.mit.Kerberos
tiger:~ root# grep -A 2 domain_realm /Library/Preferences/edu.mit.Kerberos [domain_realm] .example.mac = TIGER.EXAMPLE.MAC example.mac = TIGER.EXAMPLE.MAC tiger:~ root#
In this example, The DNS domain name is on the left of the equals (=) symbol, and the Kerberos realm name is on the right.
Always use upper case letters when referring to the Kerberos realm name even if you've seen it in lower case letters on the server. Always use lower case letters when referring to the DNS domain name. It prevents confusion since they are often the same in many networks.