Solved

kdc reply did not match expectations while getting initial credentials

Posted on 2011-09-16
1
1,825 Views
Last Modified: 2013-12-16
I'm trying to setup a Redhat Enterprise version 4 server to act as a samba file server for a windows 2000 domain.  I've looked through the previous posts and think that I've got most everything done correctly.  But I still get this error when I try to run this command:
kinit administrator
password for administrator@COM2000: *****
kinit(v5): kdc reply did not match expectations while getting initial credentials

If I type in an incorrect password I get a "Preauthentication failed..." message, so I'm sure I'm talking to the right server.

I've checked the server time and the linux time and they are within 30 seconds of each other.
I think I've got all the names in uppercase where they need to be.

We have a slightly complicated setup that may be part of the confusion.  The domain realm is company.net  but the Kerberos realm is COM2000.  That is you can find the server by pinging server1.company.net but when you log in the domain is COM2000

The relevant parts of the krb5.conf file are:
[libdefaults]
 default_realm = COM2000
 dns_lookup_realm = true
 dns_lookup_kds = true

[realms]
  COM2000 = {
    kdc = SERVER1.COMPANY.NET:88
   admin_server = SERVER1.COMPANY.NET
  default_domain = COM2000
}

[domain_realm]
  .company.net = COM2000
  company.net = COM2000

I'm not sure what the next steps are to get this working.  Any ideas?
0
Comment
Question by:geekdad1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 1

Accepted Solution

by:
geekdad1 earned 0 total points
ID: 36551111
Well I figured it out.  I had the domain realm and kerberos realm backwards.  When I started trying to login using COMPANY.NET everything started working.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question