krb5 vs Windows trust relationships in AD
Garth T Kidd
garthk at gmail.com
Tue Nov 15 23:04:17 EST 2005
G'day, everyone.
I have a Fedora Core Linux box running kernel 2.6.11-1.1369_FC4smp,
and I'm having trouble authenticating against my Windows domain.
kinit -V user at DOMAIN.COM
yields:
kinit(v5): Cannot find KDC for requested realm while getting
initial credentials
... which I've Googled a lot without much success. There are a lot of
people asking questions, but not too many answers out there. Some
bloke on the #samba channel suggested I try this list instead.
When I run kinit I can see my box look up the SRV records for
_kerberos._udp.DOMAIN.COM and _kerberos._tcp.DOMAIN.COM, but then it
bombs. No other traffic heads out, in particular none to the hosts
nominated under kdc and admin_server in the realm's entry in the
[realms] section of /etc/krb5.conf.
Setting dns_lookup_realm = false and dns_lookup_kdc = false doesn't
seem to help.
Any ideas?
Where trust comes in: I can successfully authenticate against
OTHERDOMAIN.AU which trusts DOMAIN.COM, but haven't been able to
configure krb5 to authenticate DOMAIN.COM via OTHERDOMAIN.AU. If I
could do so, that'd save me having to get a machine account in
DOMAIN.COM.
Regards,
Garth.
More information about the krbdev
mailing list