Issues getting Kerberos to work with realmd and Active Directory

Greg Hudson ghudson at mit.edu
Thu Jul 30 13:44:47 EDT 2020


On 7/30/20 1:00 PM, Wesley Taylor wrote:
> I am confused because when I run 'adcli update --verbose' it says it updated the keytab at /etc/krb5.keytab and outputs the same account name (which I am assuming is the principal for the computer) as adcli testjoin. I am really scratching my head about this, what am I doing wrong here?

It might help to send a transcript of the klist -k output and the kinit
commands.

Note that the case of principal names is significant on the MIT krb5
side, and generally isn't on Windows.

You can set the environment variable KRB5_TRACE to get additional
information about what commands are trying to do behind the scenes, e.g.
"KRB5_TRACE=/dev/stdout kinit -k host/hostname at REALM".


More information about the Kerberos mailing list