You need the command line program called ksetup.exe. This program comes with the Windows Support Tools, available from either the installation CD-ROM (SUPPORT/TOOLS/SUPPORT.CAB) or the Microsoft web site. Starting from Windows 2008, it is already installed. This program is used to configure the Kerberos settings on a workstation.
Ksetup stores the domain information under the registry key:
Use the kadmin program in Heimdal to create a host principal in the Kerberos realm.
unix% kadmin
kadmin> ank --password=password host/datan.example.com
The name `datan.example.com' should be replaced with the DNS name of the workstation.
You must configure the workstation as a member of a workgroup, as opposed to a member in an NT domain, and specify the KDC server of the realm as follows:
C:> ksetup /setdomain EXAMPLE.COM
C:> ksetup /addkdc EXAMPLE.COM kdc.example.com
Set the machine password, i.e. create the local keytab:
C:> ksetup /SetComputerPassword password
The password used in ksetup /SetComputerPassword must be the same as the password used in the kadmin ank command.
The workstation must now be rebooted.
A mapping between local NT users and Kerberos principals must be specified. You have two choices. First:
C:> ksetup /mapuser user@MY.REALM nt_user
This will map a user to a specific principal; this allows you to have other usernames in the realm than in your NT user database. (Don't ask me why on earth you would want that....)
You can also say:
C:> ksetup /mapuser * *
The Windows machine will now map any user to the corresponding principal, for example `nisse' to the principal `nisse@MY.REALM'. (This is most likely what you want.)
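The workstation-side steps above collected into one PowerShell script, as an added example that is not part of the original page or of Heimdal. `Invoke-Ksetup` and `-AfterReboot` are hypothetical names, the realm and KDC are the page's sample values, and the script assumes an elevated PowerShell session on a system where ksetup.exe is installed and supports /dumpstate.

```powershell
# Added example: run once, reboot, then run again with -AfterReboot.
param([switch]$AfterReboot)   # hypothetical switch name

$Realm        = 'EXAMPLE.COM'        # sample realm from the page
$Kdc          = 'kdc.example.com'    # sample KDC from the page
$MapPrincipal = '*'                  # the page's wildcard mapping; use e.g.
$MapLocalUser = '*'                  # 'user@EXAMPLE.COM' and 'nt_user' for one explicit mapping

function Invoke-Ksetup {
    # Hypothetical helper: run ksetup.exe and stop at the first failing step.
    # Assumption: ksetup signals failure with a non-zero exit code.
    & ksetup.exe @args
    if ($LASTEXITCODE -ne 0) {
        # Only the switch name is reported, never the remaining arguments.
        throw "ksetup $($args[0]) failed with exit code $LASTEXITCODE"
    }
}

if (-not $AfterReboot) {
    # Workgroup member pointing at the realm's KDC.
    Invoke-Ksetup /setdomain $Realm
    Invoke-Ksetup /addkdc $Realm $Kdc

    # Prompt for the host principal's password so it is not stored in this
    # script or in the command history. ksetup still takes it as a
    # command-line argument, so process command-line auditing will record it.
    $secure = Read-Host -Prompt 'Password of the host principal' -AsSecureString
    $bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try {
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        Invoke-Ksetup /SetComputerPassword $plain
    }
    finally {
        # Wipe and free the unmanaged copy of the password.
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        $plain = $null
    }
    Write-Host 'Reboot the workstation, then run this script again with -AfterReboot.'
}
else {
    # Map Kerberos principals to local accounts, then show the resulting
    # configuration so it can be checked against the intended values.
    Invoke-Ksetup /mapuser $MapPrincipal $MapLocalUser
    Invoke-Ksetup /dumpstate
}
```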