Ubuntu Kerberos and Active Directory
Rohit Mehta
rohitm at engr.uconn.edu
Fri Sep 8 21:02:17 EDT 2006
> It's attempting to verify the credentials against a host keytab and can't
> find the Kerberos realm for the host. You can probably fix this by adding
> an appropriate mapping to the [domain_realm] section of your krb5.conf.
>
>
The domain_realm section of my krb5.conf looks like this:
[domain_realm]
.ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
AD.ENGR.UCONN.EDU should be my kerberos realm.
Perhaps the fact that I have a different domain (for NIS) in
/etc/domainname creates a problem?
> It's not necessary. The default behavior is to skip the check if you have
> no krb5.keytab file or if it contains no usable keys. However, the
> authentication will fail if it can't get even that far due to some other
> more basic problem, such as not being able to figure out the realm of the
> host.
>
That's good. I am not sure why it cannot figure out the realm though.
In fact, if I just
type "kinit username" it prompts me for the password for
"username at AD.ENGR.UCONN.EDU"
Perhaps it would be worthwhile to try identical steps in Debian Sarge?
(I'm not really sure how stable Ubuntu is, but I like that all my
hardware works in it with no fighting!)
Rohit
More information about the Kerberos
mailing list