Ubuntu Kerberos and Active Directory
Russ Allbery
rra at stanford.edu
Fri Sep 8 22:10:38 EDT 2006
Rohit Mehta <rohitm at engr.uconn.edu> writes:
>> It's attempting to verify the credentials against a host keytab and can't
>> find the Kerberos realm for the host. You can probably fix this by adding
>> an appropriate mapping to the [domain_realm] section of your krb5.conf.
> The domain_realm section of my krb5.conf looks like this:
> [domain_realm]
> .ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
> ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
> AD.ENGR.UCONN.EDU should be my kerberos realm.
> Perhaps the fact that I have a different domain (for NIS) in
> /etc/domainname creates a problem?
No, that won't matter.
What's failing is this call:
krb5_sname_to_principal(context, NULL, *service, KRB5_NT_SRV_HST, &princ);
with a service of "host". I don't understand why this call would be
failing with that error message when kinit is otherwise finding the right
realm.
> Perhaps it would be worthwhile to try identical steps in Debian Sarge?
> (I'm not really sure how stable Ubuntu is, but I like that all my
> hardware works in it with no fighting!)
I doubt you'll get any different behavior in Debian sarge. In Debian
etch, this function isn't used any more; instead, the native Kerberos
library function that does the same thing is called.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list