Centos 8 + Windows domain authentication
Posted on August 19, 2020 • 2 minutes • 214 words • Suggest Changes
How complex is joining a windows domain to authenticate on a Centos 8 server? very freaking hard. Welcome in 2020, everything is on fire and we are still locked up.
This is a collection of debug attempts to get my Proxmox container, test Centos 8 server authenticate against a domain. For ssh access.
kinit issues
normal use :
[email protected]:/home/svenn# kinit [email protected]
Password for [email protected]:
(no output)
[email protected]:/home/svenn# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]
Valid starting Expires Service principal
03/24/2022 13:59:46 03/24/2022 23:59:46 krbtgt/AD.DO[email protected]
renew until 03/25/2022 13:59:44
Invalid UID in persistent keyring
kinit: Invalid UID in persistent keyring name while getting default ccache
Solution : comment
# default_ccache_name = KEYRING:persistent:%{uid}
in /etc/krb5.conf
by brunowego
note : this solution from RedHat, is just a syntax error. (not a real solution)
KDC reply did not match expectations while getting initial credentials
This happened during test of kinit -v
kinit -V [email protected] Using default cache: /tmp/krb5cc_0 Using principal: [email protected] Password for [email protected] kinit: KDC reply did not match expectations while getting initial credentials
The issue was here I had to use AD.DOMAIN.COM
Password incorrect while getting initial credentials
wrong password during kinit -v [email protected]
klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [email protected] Valid starting Expires Service principal 08/19/2020 16:50:08 08/20/2020 02:50:08 krbtgt/[email protected] renew until 08/25/2020 16:50:08