[Authentication] realmd domain join with kinit not working on Ubuntu 18.04
Sumit Bose
sbose at redhat.com
Tue Aug 7 12:11:16 UTC 2018
On Fri, Jul 27, 2018 at 06:02:38PM +0200, Simon May wrote:
> I checked:
>
>
> # kinit -kt /path/to/keytab my_username
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: my_username at EXAMPLE.COM
>
> Valid starting Expires Service principal
> 25.07.2018 17:01:13 26.07.2018 03:01:13 krbtgt/EXAMPLE.COM at EXAMPLE.COM
>
>
> So the ticket is definitely there, but realmd doesn’t use/see it.
Have you tried to tell realm explicitly about the ccache file by calling
KRB5CCNAME=FILE:/tmp/krb5cc_0 realm join ...
HTH
bye,
Sumit
>
>
> On 21.07.2018 03:00, Simon May wrote:
> > Well, I’m not the one specifying these options. The only commands I ran were
> > # kinit -kt /path/to/keytab my_username
> > # realm join ad.example.com
> > The call to “adcli” and all the options used for it were generated by
> > the “realm” command. My question is why it is using these options in
> > particular instead of the Kerberos ticket.
> >
> > I will check if the ticket is actually there using “klist”, perhaps it
> > disappears for some reason.
> >
> >
> > On 20.07.2018 20:48, Niklas Andersson wrote:
> >> AFAIK you don't need any of these options "--login-type user
> >> --login-user Administrator --stdin-password" if you have a valid
> >> Kerberos ticket (check with klist)
> >>
> >> The purpose with Kerberos is that you don't need to specify user or
> >> password.
> >>
> >> Regards,
> >> Niklas
> >>
> >
> >
>
> _______________________________________________
> Authentication mailing list
> Authentication at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/authentication
More information about the Authentication
mailing list