[31074] in Kerberos


cannot kinit to AD realm using alternative dns name

daemon@ATHENA.MIT.EDU (Mchugh, Sean)
Thu May 7 20:02:08 2009

Date: Thu, 7 May 2009 20:02:06 -0400
Message-ID: <DDC42FE5FB7EFA489717B14AB2AAB36D0412848F@ex-777-02.ggg.grey.global>
From: "Mchugh, Sean" <SMchugh@grey.com>
To: <kerberos@mit.edu>

Looking for some advice on how to proceed or if anyone has had the same
issue; Google hasn't come to my rescue yet:


Our Active Directory 2003 domain is called: GGG.LOCAL
Our userprincipalnames are set up to match our smtp address, in this case
username@grey.com

I can kinit successfully with:  username@GGG.LOCAL
But not with:  username@grey.com _or_ username@ggg.local ; error message
is: "kinit(v5): KRB5 error code 68 while getting initial credentials"

Running CentOS 5.2 with the following krb5 packages installed:

krb5-libs-1.6.1-31.el5_3.3
pam_krb5-2.2.14-1.el5_2.1
pam_krb5-2.2.14-1.el5_2.1
krb5-libs-1.6.1-31.el5_3.3
krb5-workstation-1.6.1-31.el5_3.3
krb5-devel-1.6.1-31.el5_3.3


Following SRV record was manually added:
_kerberos._tcp.grey.com 0 100 88 dc.ggg.local.
Following is /etc/krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = GGG.LOCAL
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

[domain_realm]
 .ggg.grey.global = GGG.LOCAL
 ggg.grey.global = GGG.LOCAL
 .grey.com = GGG.LOCAL
 grey.com = GGG.LOCAL

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
   validate = true
 }


Sean McHugh
VP, Dir. of Global Services
Grey Group
p. 212-546-1926
m. smchugh@grey.com
c. 917-916-8644



________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
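
Added example, not part of the original post: a Python sketch of how a krb5 client splits each of the three principals quoted above into name and realm. The realm is the literal, case-sensitive text after the unescaped "@"; [domain_realm] maps host names to realms and is not consulted for it. Function names are hypothetical and the SRV names are the ones derived from the realm when dns_lookup_kdc = true; 68 is KDC_ERR_WRONG_REALM in RFC 4120.

```python
# Added example. Inputs are the principals and default_realm quoted in the post.
KDC_ERR_WRONG_REALM = 68  # RFC 4120, section 7.5.9


def split_principal(principal, default_realm):
    """Return (name, realm). A backslash escapes the next character,
    and at most one unescaped '@' is allowed."""
    at_positions = []
    i = 0
    while i < len(principal):
        if principal[i] == "\\":
            i += 2          # skip the escaped character
            continue
        if principal[i] == "@":
            at_positions.append(i)
        i += 1
    if len(at_positions) > 1:
        raise ValueError("malformed principal: more than one unescaped '@'")
    if not at_positions:
        return principal, default_realm   # no realm given: default_realm applies
    cut = at_positions[0]
    return principal[:cut], principal[cut + 1:]


def diagnose(principal, default_realm):
    """Show which realm a client would ask for and how it compares
    with the configured default_realm."""
    name, realm = split_principal(principal, default_realm)
    same = realm == default_realm
    return {
        "name": name,
        "realm": realm,
        # SRV names derived from the realm, not from [domain_realm]
        "srv_queries": [f"_kerberos._udp.{realm}", f"_kerberos._tcp.{realm}"],
        "exact_match": same,
        "case_only_mismatch": (not same) and realm.upper() == default_realm.upper(),
    }


if __name__ == "__main__":
    for p in ("username@GGG.LOCAL", "username@grey.com", "username@ggg.local"):
        print(p, diagnose(p, "GGG.LOCAL"))
```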
