[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

using heimdal to connect to win2003 AD...kinit error message.

To: <heimdal-discuss@sics.se>
Subject: using heimdal to connect to win2003 AD...kinit error message.
From: "Philippe Dhont (Sea-ro)" <philippe.dhont@searo.be>
Date: Sat, 15 Oct 2005 00:41:54 +0200
Sender: owner-heimdal-discuss@sics.se
thread-index: AcXREHm/5q9waw6WRj6MufS4vV5G7w==
Thread-Topic: using heimdal to connect to win2003 AD...kinit error message.

Hello,

i'm pretty new to kerberos and i try to use linux with samba with authentication via windows 2003 Active Directory.

my windows 2003 server and linux server are IN the company and no firewalls are passed in this communication, two systems side by side

this is my krb5.conf (which i need just to work, right ?)

[libdefaults]
        default_realm = TEST.LOCAL
#       default_etypes = des-cbc-crc des-cbc-md5
#       default_etypes_des      = des-cbc-crc des-cbc-md5

# The following krb5.conf variables are only for MIT Kerberos.
        clockskew = 300
#       krb4_config = /etc/krb.conf
#       krb4_realms = /etc/krb.realms
#       kdc_timesync = 1
#       ccache_type = 4
#       forwardable = true
#       proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code
# are correct and overriding these specifications only serves to disable
# new encryption types as they are added, creating interoperability problems.
#       default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
#       default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
#permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5

# The following libdefaults parameters are only for Heimdal Kerberos.
#       v4_instance_resolve = false
#       v4_name_convert = {
#               host = {
#                       rcmd = host
#                       ftp = ftp
#               }
#               plain = {
#                       something = something-else
#               }
#       }

[realms]
SEARO.LOCAL = {
kdc = SERVER1.TEST.LOCAL
# admin_server = 192.168.0.10
}

i also added that server in my hosts file so that it can find it.

when i do a ping to the fqdn, i get positive respons.

this is my ldap.conf configuration:

# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
host    192.168.0.10
base    dc=TEST,dc=LOCAL

THEN:

when i do

primsquid:/# kinit Administrator@TEST.LOCAL
Administrator@TEST.LOCAL's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
kinit: converting creds: Cannot contact any KDC for requested realm
primsquid:/#

why do i get:

kinit: converting creds: Cannot contact any KDC for requested realm

if i could resolve that, i would be a step closer by the solution.

thnx!

Verus.

[domain_realm]
# server1.searo.local = SEARO.LOCAL
server1.searo.local = SEARO.LOCAL

#[login]
# krb4_convert = true
# krb4_get_tickets = true

Follow-Ups:
- Re: using heimdal to connect to win2003 AD...kinit error message.
  - From: Buck Huppmann <buckh@pobox.com>

Prev by Date: Re: Easiest way to get service ticket after obtaining tgt
Next by Date: Re: using heimdal to connect to win2003 AD...kinit error message.
Prev by thread: Re: [PATCH] Should we avoid DNS for short names?
Next by thread: Re: using heimdal to connect to win2003 AD...kinit error message.
Index(es):
- Date
- Thread