Hello all,
I wasn't sure who to reply to so here goes. I have tried an alternative method of
kinit arguments, and received a ticket back this time. I just wanted to mention it and
show the output, even though it seems now that I may want to use the Samba tools to do
these steps anyway.
Here it is, sanitized.
client = Linux Debian sssd client
domain.local is the AD domain
kinit -k 'host/client.domain.local@DOMAIN.LOCAL'
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/client.domain.local@DOMAIN.LOCAL
Valid starting     Expires            Service principal
12/18/13 17:06:16  12/19/13 03:06:14  krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
        renew until 12/25/13 17:06:16
Bryan
On Dec 17, 2013, at 06:54 PM, Bryan Harris <bryanlharris(a)me.com> wrote:
Hello all,
I was wondering if someone would be able to help me track down where I went wrong with a
2008 R2 AD > Linux sssd configuration. I am following the guide "Configuring sssd
to authenticate with a Windows 2008 Domain Server" found on the sssd website on
fedorahosted.org. Here is the
link: https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authen...
I'm at the step where I run kinit -k CLIENT$@AD.EXAMPLE.COM. Unfortunately it's
not working for me.
When I run the command on the client I get this:
kinit: Client not found in Kerberos database while getting initial credentials
The Windows server is running Windows 2008 R2, for forest functional level I selected 2008
R2. The Linux server is running Debian 6.0.8. The version of sssd is 1.2.1-4+squeeze1.
Here is my output from klist -ke :
root@client:~# klist -ke
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32)
   5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5)
   5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5)
   5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
I had a similar problem a while back, and I even mailed the list for help. In that case
however, I was able to get things to work by simply re-running the setspn and ktpass
commands. However, that workaround is not fixing the issue this time.
Any help would be greatly appreciated.
Bryan
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
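
Added example, not part of the original thread: kinit -k can only use a principal that has keys in the keytab, so this sketch checks a candidate name against a klist -ke listing and also lists any single-DES or RC4 entries. The function names, the embedded listing (constructed in the shape of the one above) and the candidate principals are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: klist -ke output in the shape shown in the thread.
sample_klist() {
cat <<'EOF'
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32)
   5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5)
   5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5)
   5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
EOF
}

# Hypothetical helper: distinct principals in klist -ke output on stdin.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /@/ { print $2 }' | sort -u
}

# Hypothetical helper: exit 0 only if principal $1 has an entry in the listing.
keytab_has() {
    keytab_principals | grep -Fxq -- "$1"
}

# Hypothetical helper: "principal<TAB>enctype" for single-DES and RC4 entries.
weak_keys() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /@/ {
        enc = $0
        sub(/^[^(]*\(/, "", enc)      # drop everything up to the opening "("
        sub(/\)[^)]*$/, "", enc)      # drop the closing ")"
        if (tolower(enc) ~ /(^|:)(des[ -]|arcfour)/) print $2 "\t" enc
    }'
}

# Constructed candidates: a machine-account style name and the host/ name.
for p in 'CLIENT$@DOMAIN.LOCAL' 'host/server.domain.local@DOMAIN.LOCAL'; do
    if sample_klist | keytab_has "$p"; then
        echo "in keytab:     $p"
    else
        echo "not in keytab: $p"
    fi
done
echo "weak enctypes:"
sample_klist | weak_keys
```

On a real host, pipe `klist -ke` into `keytab_has` or `weak_keys` instead of `sample_klist`; the enctype match covers both the long labels shown here and the short names newer klist builds print.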