
using heimdal to connect to win2003 AD...kinit error message.



 
Hello,
 
I'm pretty new to Kerberos and I am trying to use Linux with Samba, with authentication via Windows 2003 Active Directory.
 
My Windows 2003 server and Linux server are IN the company and no firewalls are passed in this communication; the two systems are side by side.
 
This is my krb5.conf (which I need just to work, right?):
 

[libdefaults]
        default_realm = TEST.LOCAL
#       default_etypes  = des-cbc-crc des-cbc-md5
#       default_etypes_des      = des-cbc-crc des-cbc-md5
 
# The following krb5.conf variables are only for MIT Kerberos.
        clockskew = 300
#       krb4_config = /etc/krb.conf
#       krb4_realms = /etc/krb.realms
#       kdc_timesync = 1
#       ccache_type = 4
#       forwardable = true
#       proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code
# are correct and overriding these specifications only serves to disable
# new encryption types as they are added, creating interoperability problems.
#       default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
#       default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
#permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
 
# The following libdefaults parameters are only for Heimdal Kerberos.
#       v4_instance_resolve = false
#       v4_name_convert = {
#               host = {
#                       rcmd = host
#                       ftp = ftp
#               }
#               plain = {
#                       something = something-else
#               }
#       }
 
[realms]
SEARO.LOCAL = {
         kdc = SERVER1.TEST.LOCAL
#        admin_server = 192.168.0.10
}
 
 
I also added that server to my hosts file so that it can be found.
When I ping the FQDN, I get a positive response.
 
 
 
 
This is my ldap.conf configuration:
 
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#
 
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
 
#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
 
#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
host    192.168.0.10
base    dc=TEST,dc=LOCAL
 
 
 

 
 
THEN:
 
When I do
 
primsquid:/# kinit Administrator@TEST.LOCAL
Administrator@TEST.LOCAL's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
kinit: converting creds: Cannot contact any KDC for requested realm
primsquid:/#
 
 
Why do I get:
 
kinit: converting creds: Cannot contact any KDC for requested realm
 
If I could resolve that, I would be a step closer to the solution.
 
 
Thanks!
Verus.
 
[domain_realm]
#       server1.searo.local = SEARO.LOCAL
        server1.searo.local = SEARO.LOCAL
 
#[login]
#       krb4_convert = true
#       krb4_get_tickets = true
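
A consistency check over the krb5.conf posted above, as an added example that is not part of the original message: it parses the file and lists every realm named by default_realm, [domain_realm] or the kinit principal that has no kdc entry under [realms]. The function names parse_krb5 and realm_findings are hypothetical, and the sample text is the post's configuration with its commented-out lines trimmed.

```python
# Added example: consistency check for a krb5.conf like the one in the post.
# SAMPLE is the post's configuration with most commented-out lines trimmed.
SAMPLE = """\
[libdefaults]
        default_realm = TEST.LOCAL
        clockskew = 300
[realms]
SEARO.LOCAL = {
         kdc = SERVER1.TEST.LOCAL
#        admin_server = 192.168.0.10
}
[domain_realm]
        server1.searo.local = SEARO.LOCAL
"""

def parse_krb5(text):
    """Parse [sections], 'key = value' pairs and 'name = { ... }' blocks."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            conf[line[1:-1]] = {}
            stack = [conf[line[1:-1]]]       # new section resets nesting
        elif line == "}":
            if len(stack) > 1:
                stack.pop()
        elif "=" in line and stack:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":                 # opens a nested block (a realm)
                stack.append(stack[-1].setdefault(key, {}))
            else:                            # keys may repeat (several kdc lines)
                stack[-1].setdefault(key, []).append(value)
    return conf

def realm_findings(conf, principal):
    """Return the realms defined and the referenced realms lacking a kdc."""
    realms = conf.get("realms", {})
    wanted = {principal.rsplit("@", 1)[1]} if "@" in principal else set()
    wanted.update(conf.get("libdefaults", {}).get("default_realm", []))
    wanted.update(v for vs in conf.get("domain_realm", {}).values() for v in vs)
    has_kdc = lambda r: isinstance(realms.get(r), dict) and bool(realms[r].get("kdc"))
    return {"defined": sorted(realms),
            "without_kdc": sorted(r for r in wanted if not has_kdc(r))}

if __name__ == "__main__":
    print(realm_findings(parse_krb5(SAMPLE), "Administrator@TEST.LOCAL"))
```

A realm listed under without_kdc has no KDC in the file, so the library can only find one through DNS SRV lookup for that realm.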