Hi all,

I've followed the sssd page for connecting RHEL 6 to a Windows 2008 for authentication.  It works on all our servers except one, and I'm getting confused.  I've even gone as far as to clone a working VM, rename it, give it a new IP address, etc., and even after that it still doesn't work (but just on that one machine).

When I run kinit -k host/server.ad.domain.com@AD.DOMAIN.COM I get the following message:

kinit: Cannot find KDC for requested realm while getting initial credentials

Whereas on other servers running that same command just works.

Has anyone experienced this before?  All servers are configured the same but one server doesn't work.  Here is my krb5.conf file, and the commands I used to generate the keytab.  I can post logs; I'll just have to sanitize them first.

[logging]
 default = FILE:/var/log/krb5libs.log

[libdefaults]
 default_realm = AD.DOMAIN.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 rdns = false
 forwardable = yes

[realms]

[domain_realm]

setspn -A host/server.ad.domain.com@AD.DOMAIN.COM server
setspn -L server
ktpass /princ host/server.ad.domain.com@AD.DOMAIN.COM /out server-host.keytab /crypto all /ptype KRB5_NT_PRINCIPAL -desonly /mapuser CNOC\server$ /pass *

Any help would be greatly appreciated.

Bryan
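
An added example, not part of the original post: with an empty [realms] section and dns_lookup_kdc = true, as in the krb5.conf above, the Kerberos library can only find a KDC through DNS SRV records. This sketch parses a krb5.conf and reports whether static KDC entries or DNS discovery applies, and which SRV names would be queried; the function names and the embedded sample are assumptions made for illustration.

```python
# Added example: how will libkrb5 look for a KDC, given a krb5.conf?
import re

# Spellings libkrb5 accepts as boolean "true" in krb5.conf.
TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}

# Constructed sample: the relevant parts of the krb5.conf from the post.
SAMPLE_CONF = """\
[libdefaults]
 default_realm = AD.DOMAIN.COM
 dns_lookup_realm = true
 dns_lookup_kdc = true

[realms]

[domain_realm]
"""

def parse_krb5_conf(text):
    """Parse sections, 'key = value' pairs and one level of '{ }' nesting."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, block = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            target = block if block is not None else section
            if value == "{":
                block = section.setdefault(key, {})   # e.g. REALM = {
            else:
                target.setdefault(key, []).append(value)
    return conf

def kdc_lookup_plan(text, realm=None):
    """Hypothetical helper: report static KDCs or the SRV names to resolve."""
    conf = parse_krb5_conf(text)
    libdefaults = conf.get("libdefaults", {})
    realm = realm or libdefaults.get("default_realm", [None])[0]
    static = conf.get("realms", {}).get(realm, {}).get("kdc", [])
    use_dns = libdefaults.get("dns_lookup_kdc", [""])[0].lower() in TRUE_VALUES
    if static:  # listed KDCs are used; DNS is not consulted for this realm
        return {"realm": realm, "method": "static", "kdcs": static}
    if use_dns and realm:
        names = [f"_kerberos._{p}.{realm}" for p in ("udp", "tcp")]
        return {"realm": realm, "method": "dns-srv", "srv_names": names}
    return {"realm": realm, "method": "none"}
```

Running kdc_lookup_plan(SAMPLE_CONF) reports the dns-srv method with the two _kerberos SRV names for AD.DOMAIN.COM. Comparing how those names resolve on the failing host and on a working one (for example with dig -t SRV) shows whether DNS resolution is where the two machines differ.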