On Wed, Mar 25, 2009 at 1:08 PM, Kanwar Ranbir Sandhu <m3freak at thesandhufamily.ca> wrote:
> On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:
>> my domain name is===> baladia.local
>> Windows 2003 AD server computer name is====> kmun
>>
>> my /etc/krb5.conf file is
>>
>> ----
>> [logging]
>> default = FILE:/var/log/krb5libs.log
>> kdc = FILE:/var/log/krb5kdc.log
>> admin_server = FILE:/var/log/kadmind.log
>>
>> [libdefaults]
>> ticket_lifetime=24000
>> default_realm=BALADIA.LOCAL
>> dns_lookup_realm = false
>> dns_lookup_kdc = false
>>
>> [realms]
>> BALADIA.LOCAL={
>> kdc=172.16.2.227:88
>> # admin_server=kmun.baladia.local:749
>> default_domain=BALADIA.LOCAL
>> kdc=BALADIA.LOCAL
>> }
>
> You only need one kdc here. Choose one, comment/delete the other.
>
>> [domain_realm]
>> .baladia.local=BALADIA.LOCAL
>> baladia.local=BALADIA.LOCAL
>>
>> kerberos 88/udp kdc # Kerberos key server
>> kerberos 88/tcp kdc # Kerberos key server
>
> What are these "kerberos" lines for? Why have you put them here? They
> don't belong - comment/delete them.
>
>
>> [kdc]
>> profile = /var/kerberos/krb5kdc/kdc.conf
>>
>> [appdefaults]
>> pam = {
>> debug = false
>> ticket_lifetime = 36000
>> renew_lifetime = 36000
>> forwardable = true
>> krb4_convert = false
>> }
>
> kinit should work after making the changes above.
>
> Regards,
>
> Ranbir
>
> --
> Kanwar Ranbir Sandhu
> Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux
> 14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18
>

It would be so much easier if all configuration files were written in XML and by default would have an enforcing document type definition. Self commenting, would make sure syntax is correct, and further could ensure "grammar" is correct for the desired configuration. Namespaces can make XML less verbose.
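
A small syntax check for the two things pointed out in the quoted reply (lines that are not krb5.conf "name = value" relations, and more than one kdc entry in a realm), as an added example that is not part of the original thread. The function name lint_krb5_conf and the SAMPLE text are constructed for illustration; the sample is a shortened copy of the posted file.

```python
import re

SECTION = re.compile(r"^\[([^\]]+)\]$")
RELATION = re.compile(r"^([^\s=]+)\s*=\s*(.*)$")
# Constructed sample: a shortened copy of the krb5.conf posted in the thread.
SAMPLE = """\
[realms]
 BALADIA.LOCAL={
  kdc=172.16.2.227:88
  kdc=BALADIA.LOCAL
 }
[domain_realm]
 .baladia.local=BALADIA.LOCAL
kerberos 88/udp kdc # Kerberos key server
"""

def lint_krb5_conf(text):
    """Return sorted (line_number, message) findings for krb5.conf text."""
    findings, section, stack, kdc_lines = [], None, [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        m = SECTION.match(line)
        if m:                                   # [section] header
            if stack:
                findings.append((n, "missing '}' for " + stack[-1]))
            section, stack = m.group(1), []
            continue
        if line == "}":                         # end of a { ... } subsection
            if not stack:
                findings.append((n, "unmatched '}'"))
            stack = stack[:-1]
            continue
        m = RELATION.match(line)
        if not m:                               # e.g. the "kerberos 88/udp" lines
            findings.append((n, "not a 'name = value' relation: " + line))
            continue
        name, value = m.groups()
        if value == "{":
            stack.append(name)
        elif section == "realms" and stack and name == "kdc":
            kdc_lines.setdefault(stack[0], []).append(n)
    if stack:
        findings.append((len(text.splitlines()), "missing '}' for " + stack[-1]))
    for realm, lines in kdc_lines.items():      # the reply asks for a single kdc
        if len(lines) > 1:
            findings.append((lines[-1], "realm %s has %d kdc entries" % (realm, len(lines))))
    return sorted(findings)
```

Calling lint_krb5_conf(SAMPLE) reports the second kdc line and the stray "kerberos" line; the same text with those two lines removed returns no findings.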