kinit: KDC reply did not match expectations while getting initial credentials while initializing krb5 authentication with AD
NFS vs SAN
https://www.slideshare.net/AshwinPawar/nas-vs-san
https://ontap-netapp.blogspot.com/
Ashwin Pawar
08448380779 Call Girls In Civil Lines Women Seeking Men
KDC reply did not match expectations while getting initial credentials
1. Issue:
kinit: KDC reply did not match expectations while getting initial
credentials while initializing krb5 authentication with AD
Symptom:
When trying to initialize krb5 authentication with AD, following error is
seen, irrespective of whether the domain name supplied in the
command is lower or upper case.
[root@redhatcentos /]# kinit administrator@test.com
Password for administrator@test.com:
kinit: KDC reply did not match expectations while getting initial
credentials
Or,
[root@redhatcentos /]# kinit administrator@TEST.COM
kinit: Cannot find KDC for requested realm while getting initial
credentials
Cause:
Domain name given the krb5.conf is of 'lower case'.
2. Resolution:
Change the Domain name to 'Upper case' as shown in the example
krb5.conf below:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = TEST.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
TEST.COM = {
kdc = win2k8r2.test.com
admin_server = win2k8r2.test.com
}
3. [domain_realm]
.demo = TEST.COM
demo = TEST.COM
Run the kinit command again with 'domain name' as 'upper case' and
verify the result.
*****************success***********************
[root@redhatcentos /]# kinit administrator@TEST.COM
Password for administrator@TEST.COM:
[root@redhatcentos /]#
*******************success***********************
ashwinwriter@gmail.com