Kerberos <-> Active Directory Error: Reply did not match expectations

slaindevil · 01-29-2009, 02:04 AM

Hey there,

I got the following scenario:

I am working in a little firm and we got an Windows 2003 Server with Active Directory to authenticate at our computers...

Now we set up a TWiki installation on a Linux server...

My goal is, to use the Active Directory to authenticate at the TWiki. I also found serveral manuals on how to do that...

I installed the kerberos package on the linux server and configured it, but when I enter kinit username@DOMAIN-1 and then my password, I only get the following error message:

kdc reply did not match expectations while getting initial credentials

I also found this thread here on my search for help: http://www.linuxquestions.org/questi...ations-445698/

But it did not help me

I tried several combinations of uppercase, lowercase, etc...

Here comes my current krb5.conf:

Code:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmin.log

[libdefaults]
 default_realm = DOMAIN-A
 dns_lookup_realm = false
 dns_lookup_kdc = false
 forwardable = yes
 ticket_lifetime = 24h

[realms]
 DOMAIN-A = {
  kdc = winserv.to.go.lan:88
  admin_server =  winserv.to.go.lan:749
  default_domain = DOMAIN-A
 }

[domain_realm]
 .domain.lan = DOMAIN-A
 domain.lan = DOMAIN-A

[appdefaults]
 pam = {
   ticket_lifetime = 36000
   renew_lifetime = 36000
   debug = false
   krb4_convert = false
   forwardable = true
 }

The domain, ports and server adresses are just an example, but this is mainly the way it looks / is formatted...

Someone got a hint for me or even a complete problem solution?

I really would appreciate it

Greets,
slain

Edit:
Problem solved... Now I got the next problem