KRB5 against Win2003
Douglas E. Engert
deengert at anl.gov
Thu Dec 23 10:34:40 EST 2004
Rainer Budde wrote:
> Hi,
>
> I want to use Kerberos on a SuSE 9.1 system to authentificate against a
> Win2003 Server. I modified the configuration file like this:
>
> -------------------------------
> [libdefaults]
> default_realm = PRODAS.LOCAL
> clockskew = 300
>
> [realms]
> PRODAS.LOCAL = {
> # kdc = PDS-AD.PRODAS.LOCAL
Uncomment the above line.
> # admin_server = MY.COMPUTER
> # kpasswd_server = MY.COMPUTER
> }
> # OTHER.REALM = {
> # kdc = OTHER.COMPUTER
> # }
>
> [domain_realm]
> PDS-AD.PRODAS.LOCAL = PRODAS.LOCAL
>
> [logging]
> default = SYSLOG:NOTICE:DAEMON
> kdc = FILE:/var/log/kdc.log
> kadmind = FILE:/var/log/kadmind.log
>
> [appdefaults]
> pam = {
> ticket_lifetime = 1d
> renew_lifetime = 1d
> forwardable = true
> proxiable = false
> retain_after_close = false
> minimum_uid = 0
> debug = false
> --------------------------------
>
> If I use "kinit ADMINISTRATOR at PRODAS.LOCAL" i´ll get the following message:
>
> ----------------
> kinit: krb5_get_init_creds: unable to reach any KDC in realm PRODAS.LOCAL
> ----------------
>
> My domain is "prodas". The hostname is "pds-ad.prodas.local". Is
> PRODAS.LOCAL the correct realm??? Does anybody know whats wrong??
The client needs the KDC name either from the krb5.conf file or
via DNS SRV records.
>
> Best regards
>
> Rainer
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list