Configure realms under krb5.conf file for using AD Authentication for RHEL VMs

Latest response

I'm hitting a sticking point here as I've never done this before.

I'm using the following document from Red Hat for help:

https://access.redhat.com/sites/default/files/attachments/rhel-ad-integration-deployment-guidelines-v1.5.pdf

I'm to the part to install/configure Kerberos Client and I'm not sure how to configure the krb5.conf file

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 default_realm = REFARCH-AD.CLOUD.LAB.ENG.BOS.REDHAT.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
[realms]
 REFARCH-AD.CLOUD.LAB.ENG.BOS.REDHAT.COM = {
 kdc = WIN-SRV1.REFARCH-AD.CLOUD.LAB.ENG.BOS.REDHAT.COM
 admin_server = WIN-SRV1.REFARCH-AD.CLOUD.LAB.ENG.BOS.REDHAT.COM
 }
[domain_realm]
 .demo = REFARCH-AD.CLOUD.LAB.ENG.BOS.REDHAT.COM 
demo = REFARCH-AD.CLOUD.LAB.ENG.BOS.REDHAT.COM

For the default_realm, I believe I'm going to use the FQDN here for the local AD Server, correct

As for the realms, is this the same thing. I'm not really sure what to do for this part. Basically I'm trying to go thru this because if I do that, then I understand.

thanks

Responses