[Freeipa-users] Re: kinit: Cannot find KDC for realm "mgmt-062-ad.internal2.example....@nternal2.example.com" while getting initial credentials

2021-05-12 Thread Sumit Bose via FreeIPA-users
On Wed, May 12, 2021 at 02:18:07PM -, pxg51214 r via FreeIPA-users wrote:
> - thank you very much. I will provide your feedback to our devops team.
> - to answer your question: we have a legacy AD to FreeIPA (identity
> synchronization tool) which runs automatically on a daily basis and uses
> a keytab file for authN. the developer of the tool is no longer with

Hi,

ok, then a principal like 'l...@internal2.example.com' (same as the
mapped user name) should work.

bye,
Sumit

> the company and our management wants the synchronization to be
> reconstituted using this tool. 
> Regards,
> -Chris 
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
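To make the failure behind the subject line concrete: the following is an added example, not code from this thread, from FreeIPA or from MIT krb5. It parses principal strings by the rules the kinit error itself exposes (an unescaped '/' separates name components, the first unescaped '@' starts the realm, and anything after that, a second '@' included, is part of the realm) and lints the result for the mistakes that turn "service@host@REALM" into a realm no KDC serves. The service name 'ldap' is an assumption for the masked 'l...' in the archive, taken from the keytab name ldap-ad-2.keytab and the ldap/ principal suggested in the reply; the host and realm names are the ones in the thread.

```python
"""Lint Kerberos principal strings before baking them into a keytab.

Added example for this thread; not code from FreeIPA, MIT krb5 or the
poster's sync tool.  Parsing follows the rule visible in the kinit error:
unescaped '/' separates name components, the first unescaped '@' starts
the realm, and everything after it (a second '@' included) is realm text.
"""
from dataclasses import dataclass
from typing import List, Optional

# Backslash escapes recognised in principal strings; any other "\X" yields X.
_ESCAPES = {"n": "\n", "t": "\t", "b": "\b", "0": "\0"}


@dataclass
class Principal:
    components: List[str]
    realm: Optional[str]  # None when the string carries no '@' at all


def parse_principal(text: str) -> Principal:
    """Split 'comp1/comp2@REALM' into components and realm, honouring escapes."""
    components: List[str] = []
    buf: List[str] = []
    in_realm = False
    i = 0
    while i < len(text):
        c = text[i]
        if c == "\\":
            if i + 1 >= len(text):
                raise ValueError("trailing backslash in principal")
            buf.append(_ESCAPES.get(text[i + 1], text[i + 1]))
            i += 2
            continue
        if not in_realm and c == "/":
            components.append("".join(buf))
            buf = []
        elif not in_realm and c == "@":
            components.append("".join(buf))
            buf = []
            in_realm = True
        else:
            buf.append(c)  # inside the realm '/' and '@' are literal characters
        i += 1
    if in_realm:
        return Principal(components, "".join(buf))
    components.append("".join(buf))
    return Principal(components, None)


def lint_principal(text: str) -> List[str]:
    """Return the problems found; an empty list means the principal looks sane."""
    p = parse_principal(text)
    problems: List[str] = []
    if p.realm is None:
        problems.append("no realm given; kinit will apply default_realm from krb5.conf")
    else:
        if "@" in p.realm:
            problems.append(
                f"realm {p.realm!r} contains '@': the realm is everything after the "
                "first '@', so a service principal must be written service/host@REALM")
        if p.realm != p.realm.upper():
            problems.append(f"realm {p.realm!r} is not upper-case; realm names are case-sensitive")
    if len(p.components) == 2 and "." not in p.components[1]:
        problems.append(f"host component {p.components[1]!r} is not a fully-qualified name")
    if any(c == "" for c in p.components):
        problems.append("empty name component")
    return problems


# Constructed inputs.  'ldap' is assumed for the masked 'l...' in the thread,
# based on the keytab name ldap-ad-2.keytab and the suggested ldap/ principal.
BAD_PRINCIPAL = "ldap@mgmt-062-ad.internal2.example.com@INTERNAL2.EXAMPLE.COM"
GOOD_PRINCIPAL = "ldap/mgmt-062-ad.internal2.example.com@INTERNAL2.EXAMPLE.COM"

if __name__ == "__main__":
    for text in (BAD_PRINCIPAL, GOOD_PRINCIPAL):
        p = parse_principal(text)
        print(f"{text}\n  components={p.components} realm={p.realm!r}")
        for msg in lint_principal(text) or ["ok"]:
            print("  -", msg)
```

Run as a script, the first input parses to a single component 'ldap' with the realm 'mgmt-062-ad.internal2.example.com@INTERNAL2.EXAMPLE.COM', which is exactly the shape of the realm kinit complained it could not find a KDC for; the second parses to the two-component service principal with realm INTERNAL2.EXAMPLE.COM and passes every check. Running the lint over the value you are about to hand to ktpass -princ (or over the output of klist -kt on the resulting keytab) catches the problem before it reaches the sync job.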


[Freeipa-users] Re: kinit: Cannot find KDC for realm "mgmt-062-ad.internal2.example....@nternal2.example.com" while getting initial credentials

2021-05-12 Thread pxg51214 r via FreeIPA-users
- Thank you very much. I will provide your feedback to our devops team.
- To answer your question: we have a legacy AD to FreeIPA (identity 
synchronization tool) which runs automatically on a daily basis and uses a keytab 
file for authN. The developer of the tool is no longer with the company and our 
management wants the synchronization to be reconstituted using this tool. 
Regards,
-Chris 


[Freeipa-users] Re: kinit: Cannot find KDC for realm "mgmt-062-ad.internal2.example....@nternal2.example.com" while getting initial credentials

2021-05-11 Thread Sumit Bose via FreeIPA-users
On Tue, May 11, 2021 at 07:08:40PM -, pxg51214 r via FreeIPA-users wrote:
> Hello,
> I apologize if this has been previously resolved. I am new to the FreeIPA 
> product. Our ops team has created a keytab (please kindly see below for the 
> command used) on a Windows AD server. I copied the keytab file, along with 
> the KDC and root-CA certificates, to a RedHat Linux system, added a second 
> REALM entry in /etc/krb5.conf (per Google blog recommendations) and tried 
> 'kinit' (please see the command used below).
> The CLI response (error) is listed below and I appreciate guidance on the 
> possible root causes and remedies.
> Thank you very much.
> -Chris
> 
> #- Linux system configuration (the server where the keytab is placed for 
> automation)  
> $ cat /etc/os-release
> NAME="Red Hat Enterprise Linux"
> VERSION="8.3 (Ootpa)"
> ID="rhel"
> ID_LIKE="fedora"
> VERSION_ID="8.3"
> PLATFORM_ID="platform:el8"
> PRETTY_NAME="Red Hat Enterprise Linux 8.3 (Ootpa)"
> ANSI_COLOR="0;31"
> CPE_NAME="cpe:/o:redhat:enterprise_linux:8.3:GA"
> HOME_URL="https://www.redhat.com/"
> BUG_REPORT_URL="https://bugzilla.redhat.com/"
> 
> REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
> REDHAT_BUGZILLA_PRODUCT_VERSION=8.3
> REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
> REDHAT_SUPPORT_PRODUCT_VERSION="8.3"
> 
> 
> # Windows AD server configuration  (the server where the keytab is 
> created)  ---
> PS C:\temp> systeminfo
> 
> Host Name: MGMT-062-AD
> OS Name:   Microsoft Windows Server 2019 Standard
> OS Version:10.0.17763 N/A Build 17763
> OS Manufacturer:   Microsoft Corporation
> OS Configuration:  Primary Domain Controller
> OS Build Type: Multiprocessor Free
> Registered Owner:  EXAMPLE, Inc
> Registered Organization:   EXAMPLE.COM
> Product ID:00429-7-0-AA235
> Original Install Date: 3/25/2020, 8:52:14 PM
> System Boot Time:  4/14/2021, 5:18:21 PM
> System Manufacturer:   Xen
> System Model:  HVM domU
> System Type:   x64-based PC
> Processor(s):  1 Processor(s) Installed.
>[01]: Intel64 Family 6 Model 79 Stepping 1 
> GenuineIntel ~2600 Mhz
> BIOS Version:  Xen 4.7, 12/14/2020
> Windows Directory: C:\Windows
> System Directory:  C:\Windows\system32
> Boot Device:   \Device\HarddiskVolume1
> System Locale: en-us;English (United States)
> Input Locale:  en-us;English (United States)
> Time Zone: (UTC-06:00) Central Time (US & Canada)
> Total Physical Memory: 16,380 MB
> Available Physical Memory: 12,006 MB
> Virtual Memory: Max Size:  18,812 MB
> Virtual Memory: Available: 14,772 MB
> Virtual Memory: In Use:4,040 MB
> Page File Location(s): C:\pagefile.sys
> Domain:internal2.example.com
> Logon Server:  \\MGMT-062-AD
> Hotfix(s): 16 Hotfix(s) Installed.
>[01]: KB4601558
>[02]: KB4494174
>[03]: KB4516115
>[04]: KB4523204
>[05]: KB4535680
>[06]: KB4539571
>[07]: KB4549947
>[08]: KB4562562
>[09]: KB4580325
>[10]: KB4587735
>[11]: KB4598480
>[12]: KB4601393
>[13]: KB5000859
>[14]: KB5001404
>[15]: KB5003243
>[16]: KB5003171
> Network Card(s):   1 NIC(s) Installed.
>[01]: XenServer PV Network Device
>  Connection Name: Ethernet 2
>  DHCP Enabled:No
>  IP address(es)
>  [01]: 10.93.178.118
>  [02]: fe80::580:2a39:3c96:efa0
> Hyper-V Requirements:  A hypervisor has been detected. Features required 
> for Hyper-V will not be displayed.
> PS C:\temp>
> 
> 
> #- Command used on Windows AD server (mgmt-062-ad) to create the keytab 
> file ---
> 
> C:/> ktpass -out ldap-ad-2.keytab -princ l...@mgmt-062-ad.internal2.example.com@INTERNAL2.EXAMPLE.COM +rndPass -mapUser l...@internal2.example.com -crypto AES256-SHA1 -pType KRB5_NT_PRINCIPAL

Hi,

the principal is wrong. A proper principal would be e.g.

... -princ ldap/mgmt-062-ad.internal2.example@internal2.example.com

However, I'd expect that this won't work either because this principal
is most probably