Hello all,
I was wondering if someone would be able to help me track down where I went wrong with a 2008 R2 AD > Linux sssd configuration. I am following the guide "Configuring sssd to authenticate with a Windows 2008 Domain Server" found on the sssd website on fedorahosted.org. Here is the link: https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20...
I'm at the step where I run kinit -k CLIENT$@AD.EXAMPLE.COM. Unfortunately it's not working for me. When I run the command on the client I get this: kinit: Client not found in Kerberos database while getting initial credentials The Windows server is running Windows 2008 R2, for forest functional level I selected 2008 R2. The Linux server is running Debian 6.0.8. The version of sssd is 1.2.1-4+squeeze1.
Here is my output from klist -ke : root@client:~# klist -ke Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with CRC-32) 5 host/server.domain.local@DOMAIN.LOCAL (DES cbc mode with RSA-MD5) 5 host/server.domain.local@DOMAIN.LOCAL (ArcFour with HMAC/md5) 5 host/server.domain.local@DOMAIN.LOCAL (AES-256 CTS mode with 96-bit SHA-1 HMAC) 5 host/server.domain.local@DOMAIN.LOCAL (AES-128 CTS mode with 96-bit SHA-1 HMAC)
I had a similar problem a while back, and I even mailed the list for help. In that case however, I was able to get things to work by simply re-running the setspn and ktpass commands. However, that workaround is not fixing the issue this time.
Any help would be greatly appreciated. Bryan
sssd-users@lists.fedorahosted.org