Trying to put an Ubuntu laptop into a Windows 2003 domain
Douglas E. Engert
deengert at anl.gov
Mon Dec 15 11:41:19 EST 2008
Nicolas Michel wrote:
> Hi everyone,
>
> I'm trying to put my laptop on Ubuntu into a Microsoft domain.
> After editing /etc/krb5.conf, I tried to get a ticket with kinit but
> there is the error message :
> kinit(v5): KDC reply did not match expectations while getting initial
> credentials
>
> What does this error mean exactly?
It says the response from the KDC is not what it expected.
>
> Here is my krb5.conf (I know the dns is strangly configured, I'm not the
> one who has configure it ...) :
Kerberos realms are usually based on the upper case name of a DNS domain.
This gives uniqueness. Your name is PCS. AD will let you use a short
name, but Kerberos wants the full name, like PCS.MYDOMAIN.DE. So you true
the full name of the AD domain.
So DNS may have resolved the srv01 name to a FQDN, and the request may have
been sent using the realm PCS, but I bet the response had something
was returned with the realm PCS.MYDOMAIN.DE.
Use FQDNs if possible. The pcs.local looks like it is not a FQDN.
>
> [logging]
> default = SYSLOG:INFO:DAEMON
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = PCS
> default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
> default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> PCS = {
> kdc = srv01
> admin_server = srv01
> default_domain = pcs.local
> }
>
> [domain_realm]
> .pcs.local = PCS
> pcs.local = PCS
>
> I searched on the web but did not found something to solve the problem.
> A little help could be so nice.
> Thx.
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list