KRB5 against Win2003

Douglas E. Engert deengert at anl.gov
Thu Dec 23 10:34:40 EST 2004



Rainer Budde wrote:

> Hi,
> 
> I want to use Kerberos on a SuSE 9.1 system to authenticate against a
> Win2003 Server. I modified the configuration file like this:
> 
> -------------------------------
> [libdefaults]
>         default_realm = PRODAS.LOCAL
>         clockskew = 300
> 
> [realms]
>         PRODAS.LOCAL = {
> #               kdc = PDS-AD.PRODAS.LOCAL

Uncomment the above line.

> #               admin_server = MY.COMPUTER
> #               kpasswd_server = MY.COMPUTER
>         }
> #       OTHER.REALM = {
> #               kdc = OTHER.COMPUTER
> #       }
> 
> [domain_realm]
>         PDS-AD.PRODAS.LOCAL = PRODAS.LOCAL
> 
> [logging]
>         default = SYSLOG:NOTICE:DAEMON
>         kdc = FILE:/var/log/kdc.log
>         kadmind = FILE:/var/log/kadmind.log
> 
> [appdefaults]
>         pam = {
>                 ticket_lifetime = 1d
>                 renew_lifetime = 1d
>                 forwardable = true
>                 proxiable = false
>                 retain_after_close = false
>                 minimum_uid = 0
>                 debug = false
> --------------------------------
> 
> If I use "kinit ADMINISTRATOR@PRODAS.LOCAL" I'll get the following message:
> 
> ----------------
> kinit: krb5_get_init_creds: unable to reach any KDC in realm PRODAS.LOCAL
> ----------------
> 
> My domain is "prodas". The hostname is "pds-ad.prodas.local". Is
> PRODAS.LOCAL the correct realm??? Does anybody know what's wrong??

The client needs the KDC name either from the krb5.conf file or
via DNS SRV records.

> 
> Best regards
> 
> Rainer

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
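
Added example, not part of the original messages: a simplified krb5.conf reader (not the Kerberos library's own parser) that shows why the posted file yields "unable to reach any KDC" and which DNS SRV names the client is left to query. The function name `kdc_sources` and the trimmed copy of the posted config are assumptions made for illustration.

```python
import re

# Trimmed copy of the config from the question, kdc line still commented out.
POSTED_CONF = """\
[libdefaults]
        default_realm = PRODAS.LOCAL
        clockskew = 300

[realms]
        PRODAS.LOCAL = {
#               kdc = PDS-AD.PRODAS.LOCAL
#               admin_server = MY.COMPUTER
        }

[domain_realm]
        PDS-AD.PRODAS.LOCAL = PRODAS.LOCAL
"""

def kdc_sources(conf_text, realm=None):
    """Return (realm, configured_kdcs, srv_names_to_try) for a client."""
    section, current, default_realm, kdcs = None, None, None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # commented lines do not count
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, current = header.group(1), None
            continue
        if line == "}":
            current = None
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "libdefaults" and key == "default_realm":
            default_realm = value
        elif section == "realms" and value == "{":
            current = key
            kdcs.setdefault(current, [])
        elif section == "realms" and current and key == "kdc":
            kdcs[current].append(value)
    realm = realm or default_realm
    found = kdcs.get(realm, [])
    # With no kdc entry, the only remaining source is DNS SRV records.
    srv = [] if found else [f"_kerberos._{p}.{realm}" for p in ("udp", "tcp")]
    return realm, found, srv

if __name__ == "__main__":
    print(kdc_sources(POSTED_CONF))                               # as posted
    print(kdc_sources(re.sub(r"#\s*kdc", "kdc", POSTED_CONF)))    # kdc uncommented
```

If the SRV names returned for the posted file do not resolve from the client, uncommenting the `kdc` line is the fix.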

