Kerberos Errors w/ AD/Linux integration

By laird.Beamesderfer
Does anyone else have this working?
See Article: tml

I get the following error messages when I try to log into A
kinit(v5): KDC reply did not match expectations while getting initial credentials

If I use the wrong password, I get:
kinit(v5): Password incorrect while getting initial credentials

Is there some change that must be made on the AD side that is not mentioned in this article?

I can't find any logs on this on the linux box, and the only help that I have found online has just given me the full error code:
KRB5_KDCREP_MODIFIE KDC reply did not match expectations

I can't find any more information on this.

Any help you could provide would be an amazing bit of assistance.

Thanks in advance.

by johnj In reply to Kerberos Errors w/ AD/Lin ...

Are you using Samba 3.0? If yes, have you tried typing the AD domain name in all caps?
Try this in a root console: /usr/kerberos/bin/kinit administrator@YOURDOMAIN.COM
It should prompt for a password. If not, try the domain in all small letters.
You should all check your /etc/samba/smb.conf file to make sure it has these lines:

ads server =
security = ADS
encrypt passwords = yes

When you're done with that, join the linux box to the AD.

net ads join

You should get a confirmation that the linux box has been added to the AD.

I have a RedHat 9.0 server with Samba 3.0 on a Win2K AD, and this works for me. I am still having difficulties with the Linux box authenticating AD users, though.

John Wheaton
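
The checks johnj describes, written as an added example that is not part of the original thread: a small pre-join script that verifies the realm in the kinit principal is upper case and that the `[global]` section of smb.conf carries the `security` and `encrypt passwords` settings listed above. The function names, the sample file and the `EXAMPLE.COM` realm are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Run before "net ads join".

# Print the last value of key $2 in the [global] section of smb.conf file $1.
smb_global_value() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }                      # skip comment lines
        /^[ \t]*\[/   { sect = tolower($0)          # section header
                        gsub(/^[ \t]*\[|\][ \t]*$/, "", sect); next }
        sect == "global" && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v  # keys are case-insensitive
        }
        END { print val }' "$1"
}

# Succeed only if the principal has a realm part and it is entirely upper case.
realm_is_upper() {
    case $1 in
        *@?*) realm=${1##*@} ;;
        *)    return 1 ;;
    esac
    [ "$realm" = "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]
}

# Report every setting that differs from the ones listed in the thread.
check_smb_conf() {
    rc=0
    sec=$(smb_global_value "$1" "security" | tr '[:lower:]' '[:upper:]')
    enc=$(smb_global_value "$1" "encrypt passwords" | tr '[:upper:]' '[:lower:]')
    [ "$sec" = "ADS" ] || { echo "security = '$sec' (want ADS)"; rc=1; }
    case $enc in
        yes|true|1) ;;                               # Samba boolean spellings
        *) echo "encrypt passwords = '$enc' (want yes)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample smb.conf; EXAMPLE is a placeholder, not a real domain.
sample_conf() {
    printf '%s\n' '[global]' '   workgroup = EXAMPLE' '   ; security = user' \
        '   security = ADS' '   Encrypt Passwords = Yes' '[homes]' '   read only = no'
}

conf=$(mktemp) && sample_conf > "$conf"
check_smb_conf "$conf" && echo "smb.conf: ok"
realm_is_upper "administrator@example.com" || echo "realm is not upper case"
rm -f "$conf"
```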


by br In reply to Kerberos Errors w/ AD/Lin ...

As a note to johnj's answer:
You must give samba/winbind a user which is able to look up users in AD (not sure which attributes). If you use the built-in Administrator for this purpose or try to log on as administrator, make sure you changed your password since the "dcpromo" process. The password will only be saved in a KRB-interoperable way if you changed it after AD domain promotion!!

Hope this helps...
