If you only have one realm then you will only have principals in that
one realm. What the domain_realm section is telling the client is
that each of your domains belongs to the same realm.  Principals belong
to the realm and not the domain.

   [EMAIL PROTECTED]
   host/[EMAIL PROTECTED]
   host/[EMAIL PROTECTED]

Jeffrey Altman


Alex wrote:
> Hi all,
> I have a problem setting up krb5.conf for client authentication.
> I'm working on a multi-domain scenario with several domains like
> A.COMPANY.COM, B.COMPANY.COM, ... and one kdc server (Active Directory)
> that belongs to the A.COMPANY.COM domain.
> So I set up a krb5.conf as follows:
> 
> [libdefaults]
>         default_realm = A.COMPANY.COM
> 
> [realms]
>         A.COMPANY.COM = {
>             kdc = kdcserver:88
>         }
> 
> [domain_realm]
>         .a.company.com = A.COMPANY.COM
>         .b.company.com = A.COMPANY.COM
>         a.company.com = A.COMPANY.COM
> 
> Principals that belong to A.COMPANY.COM are authenticated (kinit
> works), others not.
> For those that are not authenticated, kinit returns a "Client not found in
> Kerberos database" error message, but the user exists in AD.
> Any suggestions, or how I can get more information, would be appreciated.
> 
> Thanks, 
> Alex
> 
________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
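
Added example (not part of the original messages, and not MIT krb5 code): a simplified Python model of the distinction drawn in the reply, run over the krb5.conf from the question. The suffix search order in `host_realm` is an assumption modeled on MIT krb5 behaviour, and all function names are hypothetical.

```python
# Simplified model (assumption): [domain_realm] maps hosts to realms; user names get default_realm.
KRB5_CONF = """\
[libdefaults]
        default_realm = A.COMPANY.COM
[realms]
        A.COMPANY.COM = {
            kdc = kdcserver:88
        }
[domain_realm]
        .a.company.com = A.COMPANY.COM
        .b.company.com = A.COMPANY.COM
        a.company.com = A.COMPANY.COM
"""

def parse_flat_sections(text):
    """Return {section: {key: value}}, skipping brace-delimited subsections."""
    sections, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif line.endswith("{") or line == "}":
            depth += 1 if line.endswith("{") else -1
        elif depth == 0 and current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def host_realm(conf, hostname):
    """Try the host name, then each parent suffix with and without a leading dot."""
    mapping, candidate = conf.get("domain_realm", {}), hostname.lower()
    while candidate:
        if candidate in mapping:
            return mapping[candidate]
        if candidate.startswith("."):
            candidate = candidate[1:]
        else:
            candidate = candidate[candidate.find("."):] if "." in candidate else ""
    return None  # no explicit mapping in [domain_realm]

def client_principal(conf, name):
    """A name without '@' gets default_realm; [domain_realm] is never consulted."""
    return name if "@" in name else f"{name}@{conf['libdefaults']['default_realm']}"

CONF = parse_flat_sections(KRB5_CONF)
```

With this configuration `host_realm(CONF, "srv1.b.company.com")` gives `A.COMPANY.COM`, while `client_principal(CONF, "alex")` gives `alex@A.COMPANY.COM` whichever DNS domain the user's machine is in (`srv1` and `alex` are constructed sample names).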
