[38804] in Kerberos
Re: Issues getting Kerberos to work with realmd and Active Directory
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jul 30 13:47:26 2020
To: Wesley Taylor <wesley.taylor@numerica.us>,
"kerberos@mit.edu"
<kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <6fa64797-1df8-a272-385f-463b19c2000e@mit.edu>
Date: Thu, 30 Jul 2020 13:44:47 -0400
MIME-Version: 1.0
In-Reply-To: <CY1P110MB0456536BEFEE4C025B3FD469FA710@CY1P110MB0456.NAMP110.PROD.OUTLOOK.COM>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 7/30/20 1:00 PM, Wesley Taylor wrote:
> I am confused because when I run 'adcli update --verbose' it says it updated the keytab at /etc/krb5.keytab and outputs the same account name (which I am assuming is the principal for the computer) as adcli testjoin. I am really scratching my head about this, what am I doing wrong here?
It might help to send a transcript of the klist -k output and the kinit
commands.
Note that the case of principal names is significant on the MIT krb5
side, and generally isn't on Windows.
You can set the environment variable KRB5_TRACE to get additional
information about what commands are trying to do behind the scenes, e.g.
"KRB5_TRACE=/dev/stdout kinit -k host/hostname@REALM".
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
