Centos 8 + Windows domain authentication

Posted on August 19, 2020  •  2 minutes  • 214 words  •  Suggest Changes

How complex is joining a windows domain to authenticate on a Centos 8 server? very freaking hard. Welcome in 2020, everything is on fire and we are still locked up.

This is a collection of debug attempts to get my Proxmox container, test Centos 8 server authenticate against a domain. For ssh access.

kinit issues

normal use :

[email protected]:/home/svenn# kinit [email protected]
Password for [email protected]: 
(no output)

[email protected]:/home/svenn# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting       Expires              Service principal
03/24/2022 13:59:46  03/24/2022 23:59:46  krbtgt/AD.DO[email protected]
        renew until 03/25/2022 13:59:44

Invalid UID in persistent keyring

kinit: Invalid UID in persistent keyring name while getting default ccache

Solution : comment

# default_ccache_name = KEYRING:persistent:%{uid}

in /etc/krb5.conf by brunowego

note : this solution from RedHat, is just a syntax error. (not a real solution)

KDC reply did not match expectations while getting initial credentials

This happened during test of kinit -v

kinit -V [email protected]
Using default cache: /tmp/krb5cc_0
Using principal: [email protected]
Password for  [email protected]
kinit: KDC reply did not match expectations while getting initial credentials

The issue was here I had to use AD.DOMAIN.COM

source

Password incorrect while getting initial credentials

wrong password during kinit -v [email protected]

klist

Ticket cache: FILE:/tmp/krb5cc_0  
Default principal: [email protected]

Valid starting Expires Service principal  
08/19/2020 16:50:08 08/20/2020 02:50:08 krbtgt/[email protected]  
renew until 08/25/2020 16:50:08