[Samba] error trying to authenticate from Linux to AD
Gary Dale
gary at extremeground.com
Wed Apr 12 19:26:25 UTC 2023
I'm following the Debian wiki at
https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory since it
seems to be the only one I can find and since I'm running
Debian/Bookworm on an AMD64 system. I'm in the section "Configure
Kerberos" which is near the start.
My /etc/krb5.conf file (with most comments removed) is:
> # cat /etc/krb5.conf
> [logging]
> Default = FILE:/var/log/krb5.log
>
> [libdefaults]
> default_realm = HOME.RAHIM-DALE.ORG
> ticket_lifetime = 24000
> clock-skew = 300
> # The following libdefaults parameters are only for Heimdal Kerberos.
> fcc-mit-ticketflags = true
> rdns = false
> [realms]
> HOME.RAHIM-DALE.ORG = {
> kdc = dc1.home.rahim-dale.org
> admin_server = dc1.home.rahom-dale.org
> }
>
> [domain_realm]
> .rahim-dale.org = HOME.RAHIM-DALE.ORG
> rahim-dale.org = HOME.RAHIM-DALE.ORG
>
I've also tried it with Heimdal Kerberos parameters commented out. It
didn't make any difference. I get the same error. Web searches say this
is usually a result of capitalization errors in the .conf file, but it
seems OK to me.
> root@transponder:~# kinit Administrator@home.rahim-dale.org
> Password for Administrator@home.rahim-dale.org:
> kinit: KDC reply did not match expectations while getting initial
> credentials
>
The krb5.conf file on the DC is:
> [libdefaults]
> default_realm = HOME.RAHIM-DALE.ORG
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> [realms]
> HOME.RAHIM-DALE.ORG = {
> default_domain = home.rahim-dale.org
> }
>
> [domain_realm]
> dc1 = HOME.RAHIM-DALE.ORG
>
Any ideas on what I'm doing wrong?
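
The post mentions that web searches attribute this error to capitalization errors; MIT Kerberos treats realm names as case-sensitive. The following is an added example, not part of the original message: a small consistency check over a krb5.conf and the principal passed to kinit. The function names `parse_krb5` and `check` are hypothetical, and the sample is constructed from the client config quoted above.

```python
import re

# Constructed sample modelled on the client krb5.conf quoted in the post.
SAMPLE_CONF = """\
[libdefaults]
default_realm = HOME.RAHIM-DALE.ORG
[realms]
HOME.RAHIM-DALE.ORG = {
kdc = dc1.home.rahim-dale.org
admin_server = dc1.home.rahom-dale.org
}
[domain_realm]
.rahim-dale.org = HOME.RAHIM-DALE.ORG
rahim-dale.org = HOME.RAHIM-DALE.ORG
"""

def parse_krb5(text):
    """Return {section: [(key, value), ...]}; realm sub-blocks are flattened."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line or line == "}":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif "=" in line and current is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            current.append((key, value.rstrip("{").strip()))  # "REALM = {" -> ""
    return sections

def check(conf_text, principal):
    """List realm-case and host-mapping findings for a config and a principal."""
    conf = parse_krb5(conf_text)
    realms = {k for k, v in conf.get("realms", []) if v == ""}  # block headers
    maps, findings = dict(conf.get("domain_realm", [])), []
    default = dict(conf.get("libdefaults", [])).get("default_realm", "")
    if default not in realms:
        findings.append(f"default_realm {default!r} has no [realms] entry")
    for dom, realm in maps.items():
        if realm not in realms:  # exact, case-sensitive comparison
            findings.append(f"domain_realm {dom} -> {realm!r} is not a defined realm")
    for key, host in conf.get("realms", []):
        if key in ("kdc", "admin_server") and not any(
                host == d or (d.startswith(".") and host.endswith(d)) for d in maps):
            findings.append(f"{key} host {host} matches no [domain_realm] entry")
    realm = principal.rpartition("@")[2]
    if realm not in realms and realm.upper() in realms:
        findings.append(f"principal realm {realm!r} differs only in case from {realm.upper()!r}")
    return findings
```

Calling `check(SAMPLE_CONF, "Administrator@home.rahim-dale.org")` returns two findings: the `admin_server` host that falls outside every `[domain_realm]` mapping, and the principal whose realm differs from the configured one only in case.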