Problems with my kerberos config
Maxime Pejot
maxime.pejot at mckesson.fr
Thu Apr 21 11:39:21 EDT 2005
Hello, and at first I apologize for my ignorance.
I have encountered some problems with my Kerberos 5 configuration.
I'd like to use an AD authentication base on my LINUX server.
Here is my configuration file krb5.conf :
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = DOMAIN
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
DOMAIN = {
kdc = XX.XX.XX.XX:88
admin_server = kerberos.example.com:749
default_domain = domain (I tried DOMAIN too...)
}
[domain_realm]
.domain = DOMAIN
domain = DOMAIN
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 87000
forwardable = true
krb4_convert = false
}
I think I am right with that, but as I type the command:
# /usr/Kerberos/bin/kinit Nuser at DOMAIN
I get the password prompt, I enter it (respecting the case), and I get
this error :
KDC reply did not match expectations while getting initial credentials.
I don't know what it means. I tried lots of stuffs, like Caps changing
in domain name, realm and nuser, but it doesn't work
Thanks by advance for your help and understanding
Max.
More information about the Kerberos
mailing list