Trying to put an Ubuntu laptop into a Windows 2003 domain

Douglas E. Engert deengert at anl.gov
Mon Dec 15 11:41:19 EST 2008



Nicolas Michel wrote:
> Hi everyone,
> 
> I'm trying to put my laptop on Ubuntu into a Microsoft domain.
> After editing /etc/krb5.conf, I tried to get a ticket with kinit but
> there is the error message :
> kinit(v5): KDC reply did not match expectations while getting initial
> credentials
> 
> What does this error mean exactly?

It says the response from the KDC is not what it expected.

> 
> Here is my krb5.conf (I know the dns is strangly configured, I'm not the
> one who has configure it ...) :

Kerberos realms are usually based on the upper case name of a DNS domain.
This gives uniqueness. Your name is PCS. AD will let you use a short
name, but Kerberos wants the full name, like PCS.MYDOMAIN.DE. So you true
the full name of the AD domain.

So DNS may have resolved the srv01 name to a FQDN, and the request may have
been sent using the realm PCS, but I bet the response had something
was returned with the realm PCS.MYDOMAIN.DE.

Use FQDNs if possible. The pcs.local looks like it is not a FQDN.
> 
> [logging]
>     default = SYSLOG:INFO:DAEMON
> 
> [libdefaults]
>     ticket_lifetime = 24000
>     default_realm = PCS
>     default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
>     default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
>     dns_lookup_realm = false
>     dns_lookup_kdc = false
> 
> [realms]
>     PCS = {
>         kdc = srv01
>         admin_server = srv01
>         default_domain = pcs.local
> }
> 
> [domain_realm]
> .pcs.local = PCS
> pcs.local = PCS
> 
> I searched on the web but did not found something to solve the problem.
> A little help could be so nice.
> Thx.
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444



More information about the Kerberos mailing list