On Wed, Mar 25, 2009 at 1:08 PM, Kanwar Ranbir Sandhu m3freak@thesandhufamily.ca wrote:
On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:
my domain name is===> baladia.local
Windows 2003 AD server computer name is====> kmun
my /etc/krb5.conf file is
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime=24000
 default_realm=BALADIA.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 BALADIA.LOCAL={
  kdc=172.16.2.227:88
  # admin_server=kmun.baladia.local:749
  default_domain=BALADIA.LOCAL
  kdc=BALADIA.LOCAL
 }
You only need one kdc here. Choose one, comment/delete the other.
[domain_realm]
 .baladia.local=BALADIA.LOCAL
 baladia.local=BALADIA.LOCAL

kerberos 88/udp kdc # Kerberos key server
kerberos 88/tcp kdc # Kerberos key server
What are these "kerberos" lines for? Why have you put them here? They don't belong - comment/delete them.
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }
kinit should work after making the changes above.
Regards,
Ranbir
--
Kanwar Ranbir Sandhu
Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux
14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
It would be so much easier if all configuration files were written in XML and by default would have an enforcing document type definition. Self-commenting, would make sure syntax is correct, and further could ensure "grammar" is correct for the desired configuration. Namespaces can make XML less verbose.
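The two things flagged in the reply above (a second kdc entry in the realm block, and the "kerberos 88/..." lines that are not krb5.conf relations) can be caught by a small syntax check. This is an added example, not part of the original thread: lint_krb5 is a hypothetical helper name, and the sample is constructed from the [realms] part of the posted file with one relation per line.

```python
import re

SECTION = re.compile(r"^\[(\w+)\]$")
RELATION = re.compile(r"^([\w.\-]+)\s*=\s*(.*)$")

# Constructed sample: [realms] block from the thread plus the pasted lines.
SAMPLE = """\
[realms]
 BALADIA.LOCAL={
  kdc=172.16.2.227:88
#  admin_server=kmun.baladia.local:749
  default_domain=BALADIA.LOCAL
  kdc=BALADIA.LOCAL
 }
kerberos 88/udp kdc # Kerberos key server
kerberos 88/tcp kdc # Kerberos key server
"""

def lint_krb5(text):
    """Return (line_number, message) findings for krb5.conf-style text."""
    findings, section, stack = [], None, []  # stack: open (name, kdcs) blocks
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or whole-line comment
            continue
        m = SECTION.match(line)
        if m:
            section, stack = m.group(1), []
            continue
        if line == "}":
            if stack:
                stack.pop()
            else:
                findings.append((no, "'}' without a matching '{'"))
            continue
        m = RELATION.match(line)
        if not m:
            findings.append((no, "not a 'tag = value' line: %r" % line))
            continue
        tag, value = m.groups()
        if value == "{":
            stack.append((tag, []))
        elif section == "realms" and stack and tag == "kdc":
            # Several kdc lines are legal syntax; report extras for review.
            name, kdcs = stack[-1]
            kdcs.append(value)
            if len(kdcs) > 1:
                findings.append((no, "realm %s: additional kdc %r" % (name, value)))
    return findings
```

Run against the sample, it reports the second kdc line and both pasted "kerberos" lines; with those three lines removed it reports nothing.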