help with Active Directory Kerberos authentication
Christopher D. Clausen
cclausen at acm.org
Tue Oct 10 19:26:49 EDT 2006
Russ Allbery <rra at stanford.edu> wrote:
> Rohit Kumar Mehta <rohitm at engr.uconn.edu> writes:
>> debug1: Miscellaneous failure
>> No principal in keytab matches desired name.
>>
>> My krb5.keytab looks like this:
>> nfsv4etch:~# ktutil
>> ktutil: rkt /etc/krb5.keytab
>> ktutil: l
>> slot KVNO Principal
>> ---- ----
>> ---------------------------------------------------------------------
>> 1 4 host/nfsv4etch.engr.uconn.edu at AD.ENGR.UCONN.EDU
>>
>> Does that look like it's generated properly?
>
> I've run into this problem before (not with AD, but with MIT
> Kerberos) and haven't been able to figure out what was causing it.
> My theory was some sort of realm configuration mismatch, but I'm not
> at all sure.
What does hostname (or hostname -f) return on your computer?
And then do an IP lookup on that. If it resolves to a 127.*.*.* address
its not likely to work.
<<CDC
More information about the Kerberos
mailing list