I am confused because when I run 'adcli update --verbose' it says it updated the keytab at /etc/krb5.keytab and outputs the same account name (which I am assuming is the principal for the computer) as adcli testjoin. I am really scratching my headabout this, what am I doing wrong here?
Hi All,
I am trying to get HTCondor with Kerberos authentication ( https://htcondor.readthedocs.io/en/stable/admin-manual/security.html?highlight=Kerberos#kerberos-authentication)
to work on some linux machines I have which I joined to Windows Active Directory with realmd.
Hi All,
I am trying to get HTCondor with Kerberos authentication ( https://htcondor.readthedocs.io/en/stable/admin-manual/security.html?highlight=Kerberos#kerberos-authentication
) to work on some linux machines I have which I joined to Windows
Active Directory with realmd. HTCondor tries to authenticate with the
machine principal, but I am having a hard time figuring out what that
is. When I run 'klist -k' I see a bunch of entries from
/etc/krb5.keytab along the lines of host/fqdn@REALM. However, when I
run 'kinit -k' I get "kinit: Client $(hostname) not found in Kerberos database".
I then interrogated the realm with adcli, using 'adcli testjoin --
verbose' and it outputs the computer account name as
HOST/HOSTNAME@REALM. When I run 'kinit -k HOST/HOSTNAME@REALM' I get
back the error "kinit: Keytab contains no suitible keys for HOST/HOSTNAME@REALM".
I am confused because when I run 'adcli update --verbose' it says it
updated the keytab at /etc/krb5.keytab and outputs the same account
name (which I am assuming is the principal for the computer) as adcli testjoin. I am really scratching my head about this, what am I doing
wrong here?
Thanks,
Wes
Public Content
________________________________
The information contained in this e-mail and any attachments from
Numerica Corporation may contain confidential and/or proprietary
information, and is intended only for the named recipient to whom it
was originally addressed. If you are not the intended recipient, any disclosure, distribution, or copying of this e-mail or its
attachments is strictly prohibited. If you have received this e-mail
in error, please notify the sender immediately by return e-mail and permanently delete the e-mail and any attachments.
________________________________________________
Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 292 |
Nodes: | 16 (2 / 14) |
Uptime: | 186:39:56 |
Calls: | 6,616 |
Files: | 12,165 |
Messages: | 5,314,902 |