On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote: > my domain name is===> baladia.local > Windows 2003 AD server computer name is====> kmun > > my /etc/krb5.conf file is > > ---- > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > ticket_lifetime=24000 > default_realm=BALADIA.LOCAL > dns_lookup_realm = false > dns_lookup_kdc = false > > [realms] > BALADIA.LOCAL={ > kdc=172.16.2.227:88 > # admin_server=kmun.baladia.local:749 > default_domain=BALADIA.LOCAL > kdc=BALADIA.LOCAL > } You only need one kdc here. Choose one, comment/delete the other. > [domain_realm] > .baladia.local=BALADIA.LOCAL > baladia.local=BALADIA.LOCAL > > kerberos 88/udp kdc # Kerberos key server > kerberos 88/tcp kdc # Kerberos key server What are these "kerberos" lines for? Why have you put them here? They don't belong - comment/delete them. > [kdc] > profile = /var/kerberos/krb5kdc/kdc.conf > > [appdefaults] > pam = { > debug = false > ticket_lifetime = 36000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > } kinit should work after making the changes above. Regards, Ranbir -- Kanwar Ranbir Sandhu Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux 14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18