Dear All,
this i feel is a little out of topic but really apprecite if someone can help
i am tryin to authenicate my Centos 5.2 box to windows 2003 ADS server ..
but am not able to do so .
i get the following error when i run kinit
kinit(v5): Improper format of Kerberos configuration file while
initializing Kerberos 5 library
i have the following packages installed on my linux box
[root at testproxy init.d]# rpm -qa | grep krb
krb5-devel-1.6.1-25.el5_2.2
krb5-workstation-1.6.1-25.el5_2.2
krb5-auth-dialog-0.7-1
krb5-libs-1.6.1-25.el5_2.2
pam_krb5-2.2.14-1.el5_2.1
rpm -qa|grep ntp
ntp-4.2.2p1-8.el5.centos.1
chkfontpath-1.10.1-1.1
root at testproxy init.d]# rpm -qa|grep samba
system-config-samba-1.2.39-1.el5
samba-client-3.0.28-1.el5_2.1
samba-common-3.0.28-1.el5_2.1
samba-3.0.28-1.el5_2.1
my domain name is===> baladia.local
Windows 2003 AD server computer name is====> kmun
my /etc/krb5.conf file is
----
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime=24000
default_realm=BALADIA.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
BALADIA.LOCAL={
kdc=172.16.2.227:88
# admin_server=kmun.baladia.local:749
default_domain=BALADIA.LOCAL
kdc=BALADIA.LOCAL
}
[domain_realm]
.baladia.local=BALADIA.LOCAL
baladia.local=BALADIA.LOCAL
kerberos 88/udp kdc # Kerberos key server
kerberos 88/tcp kdc # Kerberos key server
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
as i said before when i run kinit
kinit(v5): Improper format of Kerberos configuration file while
initializing Kerberos 5 library
i tried googlin n tried varios options in the conf file but no luck
i would really apprecite n be thankful if someone could point out the
syntax error in my krb5.conf file
or if any missing software i need to check n install or anyway i could
track this error
also is there anything to check on my windows 2003 AD Server
Thanks and appreciate
Fabain
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
2009/3/25 fabian dacunha <fabian at baladia.gov.kw>:> > Dear All, > > this i feel is a little out of topic but really apprecite if someone can help > > i am tryin to authenicate my Centos 5.2 box to windows 2003 ADS server .. > but am not able to do so .This is probably a dumb question, but have you tried asking the kerberos people? See http://www-cdf.fnal.gov/upgrades/computing/icrb/kerberos-help.html. HTH mhr
On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:> my domain name is===> baladia.local > Windows 2003 AD server computer name is====> kmun > > my /etc/krb5.conf file is > > ---- > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > ticket_lifetime=24000 > default_realm=BALADIA.LOCAL > dns_lookup_realm = false > dns_lookup_kdc = false > > [realms] > BALADIA.LOCAL={ > kdc=172.16.2.227:88 > # admin_server=kmun.baladia.local:749 > default_domain=BALADIA.LOCAL > kdc=BALADIA.LOCAL > }You only need one kdc here. Choose one, comment/delete the other.> [domain_realm] > .baladia.local=BALADIA.LOCAL > baladia.local=BALADIA.LOCAL > > kerberos 88/udp kdc # Kerberos key server > kerberos 88/tcp kdc # Kerberos key serverWhat are these "kerberos" lines for? Why have you put them here? They don't belong - comment/delete them.> [kdc] > profile = /var/kerberos/krb5kdc/kdc.conf > > [appdefaults] > pam = { > debug = false > ticket_lifetime = 36000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > }kinit should work after making the changes above. Regards, Ranbir -- Kanwar Ranbir Sandhu Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux 14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18