After the initial setup of a trust I'm attempting to get kerberos tickets
against the AD domain.

Step 12 in this document:

Then, request service tickets for services within the Active Directory
[root@ipaserver ]# kvno cifs/
If the Active Directory service ticket is succcessfully granted, then there
will be a cross-realm TGT listed with all of the other requested tickets.
This will have the name krbtgt/AD.DOMAIN@IPA.DOMAIN.

I get an error back:
# kvno cifs/dc1.miovision.c...@miovision.corp
kvno: Server not found in Kerberos database while getting credentials for

But I do have a krbtgt ticket/AD domain:

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: sdainard-r...@miolinux.corp

Valid starting     Expires            Service principal
02/05/14 14:21:06  02/06/14 14:21:06  krbtgt/miolinux.c...@miolinux.corp
02/05/14 14:21:17  02/06/14 14:21:06  host/ipa1.miolinux.c...@miolinux.corp
02/05/14 14:21:20  02/06/14 14:21:06  krbtgt/miovision.c...@miolinux.corp

Also, is it normal to not find the Linux realm listed in the domain trust
list on the AD DC?

*Steve Dainard *
IT Infrastructure Manager
Miovision <> | *Rethink Traffic*
519-513-2407 ex.250
877-646-8476 (toll-free)

*Blog <>  |  **LinkedIn
<>  |  Twitter
<>  |  Facebook
 Miovision Technologies Inc. | 148 Manitou Drive, Suite 101, Kitchener, ON,
Canada | N2C 1L3
This e-mail may contain information that is privileged or confidential. If
you are not the intended recipient, please delete the e-mail and any
attachments and notify us immediately.
Freeipa-users mailing list

Reply via email to