[30529] in Kerberos
Re: Trying to put an Ubuntu laptop into a Windows 2003 domain
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Mon Dec 15 11:42:01 2008
Message-ID: <494688AF.8010609@anl.gov>
Date: Mon, 15 Dec 2008 10:41:19 -0600
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: nicolas.michel@lemail.be
In-Reply-To: <1229081588.8367.7.camel@nm-laptop>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Nicolas Michel wrote:
> Hi everyone,
>
> I'm trying to put my laptop on Ubuntu into a Microsoft domain.
> After editing /etc/krb5.conf, I tried to get a ticket with kinit but
> there is the error message :
> kinit(v5): KDC reply did not match expectations while getting initial
> credentials
>
> What does this error mean exactly?
It says the response from the KDC is not what it expected.
>
> Here is my krb5.conf (I know the dns is strangly configured, I'm not the
> one who has configure it ...) :
Kerberos realms are usually based on the upper case name of a DNS domain.
This gives uniqueness. Your name is PCS. AD will let you use a short
name, but Kerberos wants the full name, like PCS.MYDOMAIN.DE. So you true
the full name of the AD domain.
So DNS may have resolved the srv01 name to a FQDN, and the request may have
been sent using the realm PCS, but I bet the response had something
was returned with the realm PCS.MYDOMAIN.DE.
Use FQDNs if possible. The pcs.local looks like it is not a FQDN.
>
> [logging]
> default = SYSLOG:INFO:DAEMON
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = PCS
> default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
> default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
> dns_lookup_realm = false
> dns_lookup_kdc = false
>
> [realms]
> PCS = {
> kdc = srv01
> admin_server = srv01
> default_domain = pcs.local
> }
>
> [domain_realm]
> .pcs.local = PCS
> pcs.local = PCS
>
> I searched on the web but did not found something to solve the problem.
> A little help could be so nice.
> Thx.
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
