kinit: Realm not local to KDC while getting initial credentials

Hi

I am configuring a RHEL 6.7 server so that I can use kinit to get tickets from a Windows 2008R2 Active Directory. This AD infrastructure has a parent domain and several child domains; the user with which I am testing is in one of the subdomains (US.COMPANY.LOCAL). I configured /etc/krb5.conf the following way:

[root@server001 ~]# cat /etc/krb5.conf 
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = US.COMPANY.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 US.COMPANY.LOCAL = {
  kdc = dc2.ena.us.company.local
  admin_server = dc2.ena.us.company.local
  default_domain = US.COMPANY.LOCAL
 }

[domain_realm]
 .us.company.local = US.COMPANY.LOCAL
 us.company.local = US.COMPANY.LOCAL
[root@server001 ~]# 

When I test with kinit, I get this:

[root@server001 ~]# kinit -V B05303A
Using default cache: /tmp/krb5cc_0
Using principal: B05303A@US.COMPANY.LOCAL
kinit: Realm not local to KDC while getting initial credentials
[root@server001 ~]# 

Any help is appreciated.

Responses

Did you ever resolve this one? I'm also looking for a similar invalid login and see it is mentioned "Using default cache: /tmp/krb5...."