![]() ![]() The client is able to ping the server's hostname, so the DNS server is pointing to the domain server.īelow is my krb5. Unfortunately, I cannot find any one else via Google searches that have experienced this exact error, so I have no idea what it means. Of course the easiest explanation would be that the password in the keytab file is wrong. Realm not local to KDC while getting initial credentials. Calling kinit with an service AD account succeeds, if the password is provided to kinits password prompt, but fails when using a keytab file with the very same password. ![]() The command I am running is: kinit This command returns the following error: I am following the official Ubuntu guide to set up a Kerberos client here:, but I have encountered a problem when running the kinit command to connect to the domain server. Is the EXAMPLE.I am setting up a testbed environment where Linux (Ubuntu 10.04) clients will authenticate to a Windows Server 2008 R2 Domain Server.Such a error says that the server is not reachable. kinit: krb5_get_init_creds: unable to reach any KDC in realm EXAMPLE.COM There are many possible reason why you can’t get a ticket. Ticket flags: pre-authent, initial, renewable, forwardableĪs we can see, we have obtained a ticket which will expire 6 hours after its creation, which can be renexed for 7 days, encrypted using AES-128 algorithm, ticket that can be used by the TGS. We will use the klist tool for that : $ klist -v Now, let’s check that we have correctly obtained a ticket. ![]() If you’ve get some, see later in this chapter. Now we’re ready to try and get a ticket from the KDC, first we become the new user and run the ‘kinit’ command which is used to obtain and cache our Kerberos ticket. His password is ‘secret’) $ kinit for should not get any error. This is not technically required, we should be able to kinit from another user however for consistency we’ll use this account. Send bug-reports to you have to configure the nf file (it can be found in /etc/nf, if not just add it).Ī minimal /etc/nf file looks as follows (make sure the port and host name matches!): Ĭheck that the Kerberos sevrer is started, then try to get a ticket from a user that exists in the base (here, we use hnelson, which is a user we created for test purposes. You can check that by typing kinit in a console : $ kinit -versionĬopyright 1995-2010 Kungliga Tekniska Högskolan ![]() You first have to make sure kinit is installed. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2023
Categories |