You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/bastion/kerberos-authentication-portal.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -417,14 +417,14 @@ This template does the following:
417
417
- Bastion, Bastion-ip
418
418
- ClientVM, ServerVM
419
419
- Have the DNS Server of the VNET point to the private IP address of the Server-vm (domain controller). This is required for the target ClientVM to successfully domain-join to the Domain Controller (ServerVM).
420
-
- Runs a Custom Script Extension on the ServerVM to promote it to a domain controller with domain name: `<domain-name-specified-in-deployment.json-file>`
420
+
- Runs a Custom Script Extension on the ServerVM to promote it to a domain controller with domain name: `bastionkrb.test`
421
421
- Runs a Custom Script Extension on the ClientVM to have it:
422
422
-**Restrict NTLM: Incoming NTLM traffic** = Deny all domain accounts (this is to ensure Kerberos is used for authentication)
423
-
- Domain-join the `<domain-name-specified-in-deployment.json-file>` domain
423
+
- Domain-join the `bastionkrb.test` domain
424
424
425
425
Login to ClientVM using Bastion with Kerberos authentication:
426
426
- Make sure to have the `Kerberos` feature enabled on the bastion
427
-
- Login to ClientVM with Bastion using credentials: username = `serveruser@<domain-name-specified-in-deployment.json-file>` and password = `<password-used-in-deployment.json>`
427
+
- Login to ClientVM with Bastion using credentials: username = `serveruser@bastionkrb.test` and password = `<password-used-in-deployment.json>`
0 commit comments