I am setting up a testbed environment where Linux (Ubuntu 10.04) clients will authenticate to a Windows Server 2008 R2 Domain Server.
I am following the official Ubuntu guide to set up a Kerberos client here: https://help.ubuntu.com/community/Samba/Kerberos, but I have encountered a problem when running the kinit command to connect to the domain server.
The command I am running is: kinit Administrator@DS.DOMAIN.COM. This command returns the following error: Realm not local to KDC while getting initial credentials. Unfortunately, I cannot find anyone else via Google searches who has experienced this exact error, so I have no idea what it means.
The client is able to ping the server's hostname, so the DNS server is pointing to the domain server.
Below is my krb5.conf file:
[libdefaults]
default = DS.DOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc true
[realms]
DS.DOMAIN.COM = {
kdc = ds.domain.com:88
admin_server = ds.domain.com
default_domain = domain.com
}
[domain_realm]
.domain.com = DS.DOMAIN.COM
domain.com = DS.DOMAIN.COM
How can I correct these errors? I would greatly appreciate all help I can get!
Best Answer
Is your domain name DS.DOMAIN.COM or just DOMAIN.COM?
In your realms you need to have them match, so assuming that DS.DOMAIN.COM is your domain you need to change:
to
However, if your domain is really DOMAIN.COM you would need to change your krb5.conf to look like:
And then you would kinit like so: kinit Administrator@DOMAIN.COM
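
The realm-matching check the answer describes can be automated. The following is an added example, not part of the original question or answer: a small checker that parses a krb5.conf and lists every place where it disagrees with the realm you expect the KDC to serve. The `parse` and `check` helpers are hypothetical names, the embedded input is the config from the question, and the realm passed in (DOMAIN.COM, the answer's second case) is an assumption.

```python
# Constructed input: the krb5.conf from the question, copied as posted.
SAMPLE = """[libdefaults]
default = DS.DOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc true
[realms]
DS.DOMAIN.COM = {
kdc = ds.domain.com:88
admin_server = ds.domain.com
default_domain = domain.com
}
[domain_realm]
.domain.com = DS.DOMAIN.COM
domain.com = DS.DOMAIN.COM
"""

def parse(text):
    """Parse a flat krb5.conf into (sections, realm names, syntax problems)."""
    sections, realms, problems, section, in_realm = {}, set(), [], None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, in_realm = line[1:-1], False
        elif line == "}":
            in_realm = False
        elif "=" not in line:
            problems.append(f"line {n}: no '=' in {line!r}")
        else:
            key, val = (s.strip() for s in line.split("=", 1))
            if section == "realms" and val == "{":
                realms.add(key)
                in_realm = True
            elif not in_realm:  # per-realm keys (kdc, ...) are not checked here
                sections.setdefault(section, {})[key] = val
    return sections, realms, problems

def check(text, ad_realm):
    """List every place where the config disagrees with ad_realm (hypothetical helper)."""
    sections, realms, problems = parse(text)
    default = sections.get("libdefaults", {}).get("default_realm")
    if default != ad_realm:
        problems.append(f"[libdefaults] default_realm is {default!r}, expected {ad_realm!r}")
    if ad_realm not in realms:
        problems.append(f"[realms] has no {ad_realm} block (found: {sorted(realms)})")
    problems += [f"[domain_realm] maps {d} to {r}, expected {ad_realm}"
                 for d, r in sections.get("domain_realm", {}).items() if r != ad_realm]
    return problems
```

Calling `check(SAMPLE, "DOMAIN.COM")` returns one entry per mismatch, so a config that is consistent with the expected realm yields an empty list.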