[37518] in Kerberos
ubuntu16.04 and /etc/krb5.conf
daemon@ATHENA.MIT.EDU (Giuseppe Mazza)
Wed Jun 15 12:10:15 2016
To: "kerberos@MIT.EDU" <kerberos@mit.edu>
From: Giuseppe Mazza <g.mazza@imperial.ac.uk>
Message-ID: <57617DD4.4050901@imperial.ac.uk>
Date: Wed, 15 Jun 2016 17:09:56 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi there,
I have got the following setup:
1] ubuntu linux clients
2] windows domain controllers IC.AC.UK
ubuntu kerberos servers DOC.IC.AC.UK
trust relationship between the two domains
Users are created on the windows dc's and can login on linux clients.
In ubuntu14.04 I do not have to declare explicitly in my /etc/krb5.conf
the windows dc's, i.e. I do not need to write something like:
IC.AC.UK = {
default_domain = ic.ac.uk
kdc = dc1.ic.ac.uk
kdc = dc2.ic.ac.uk
}
And it works.
In ubuntu 16.04 I have noticed I need it. If I do not declare it
explicitly, I will not be able to login (for example or graphically or
via ssh).
If I use the following command on a linux ubuntu 16.04 client
host -t SRV _kerberos._udp.ic.ac.uk.
shows the list of dc's.
I can also get a ticket by using kinit username@IC.AC.UK.
However I can not ssh username@_ubuntu16.04host_
It keeps on offering me the password prompt.
Regards,
Giuseppe
P.S.
I can always declare my DCs in /etc/krb5.conf. This is not a problem.
I wanted just to know whether it is possible to avoid that.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos