Author Topic: kinit: krb5_get_init_creds: unable to reach any kdc in realm  (Read 3234 times)

alx

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
kinit: krb5_get_init_creds: unable to reach any kdc in realm
« on: October 04, 2017, 10:12:23 am »
I am trying to connect Linux Mint 17.3 client to Zentyal 5.0 Development Ed by going through this guide https://wiki.zentyal.org/wiki/Authenticating_Linux_client_against_Samba . But i got stuck on the kinit Administrator procedure, i'm getting kinit: krb5_get_init_creds: unable to reach any kdc in realm error.

Client configs:



Server & Client can ping internet, so i guess DNS is working properly:



Also Kerberos port on Server is open to Client:


Do i need to introduce more info for community to get help?

UPD: Win users easily entering domain!
« Last Edit: October 04, 2017, 12:29:05 pm by alx »

alx

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: kinit: krb5_get_init_creds: unable to reach any kdc in realm
« Reply #1 on: October 04, 2017, 03:47:26 pm »
Resolved.Everything below was done on client:

1) installed pbis-open https://github.com/BeyondTrust/pbis-open/releases

2) added into /etc/network/interfaces
Code: [Select]
dns-nameservers 192.168.13.248
dns-domain di.lan
dns-search di.lan

3) used this command
Code: [Select]
sudo domainjoin-cli join --disable ssh DI.LAN login@DI.LAN

BerT666

  • Zen Warrior
  • ***
  • Posts: 215
  • Karma: +7/-0
    • View Profile
Re: kinit: krb5_get_init_creds: unable to reach any kdc in realm
« Reply #2 on: October 13, 2017, 12:42:05 pm »
The error in your first posts looks like there was no (internal) DNS Entry for the kerberos server.

So, in theory, editting the entries in the /etc/resolv.conf would have been enough.

Regards

Thomas

jjk_saji

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: kinit: krb5_get_init_creds: unable to reach any kdc in realm
« Reply #3 on: December 12, 2017, 11:49:02 am »
Resolved.Everything below was done on client:

1) installed pbis-open https://github.com/BeyondTrust/pbis-open/releases

2) added into /etc/network/interfaces
Code: [Select]
dns-nameservers 192.168.13.248
dns-domain di.lan
dns-search di.lan

3) used this command
Code: [Select]
sudo domainjoin-cli join --disable ssh DI.LAN login@DI.LAN

Thanks
I am trying with
 sudo domainjoin-cli join --disable ssh TEST.LOCAL administrator@TEST.LOCAL
Joining to AD Domain:   TEST.LOCAL
With Computer DNS Name: ubuntu-16-04.test.local

administrator@TEST.LOCAL's password:

Quote
Error: Undocumented exception [code 0x00009efc]

An undocumented exception has occurred. Please contact BeyondTrust technical support and use the error code to identify this exception.

Guidance and advice requested
Thanks
Joseph John




BerT666

  • Zen Warrior
  • ***
  • Posts: 215
  • Karma: +7/-0
    • View Profile
Re: kinit: krb5_get_init_creds: unable to reach any kdc in realm
« Reply #4 on: December 13, 2017, 04:40:27 pm »
Do you have any logs regarding the pbis-open?
maybe remove the package and try again?

Regards

Thomas

jjk_saji

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: kinit: krb5_get_init_creds: unable to reach any kdc in realm
« Reply #5 on: December 13, 2017, 10:24:16 pm »
Thanks
the log file shows that
Quote
itsupport@saji:~$ tail -f /var/log/pbis-open-install.log

Success: /bin/systemctl start lwsmd.service

Error: mv /var/lib/likewise /var/lib/likewise.old returned 1  (ignoring and continuing)
mv: cannot stat '/var/lib/likewise': No such file or directory

Success: rm -rf /var/lib/pbis-upgrade
Package: PowerBroker Identity Services Open postinstall finished

Guidance and advice requested

BerT666

  • Zen Warrior
  • ***
  • Posts: 215
  • Karma: +7/-0
    • View Profile
Re: kinit: krb5_get_init_creds: unable to reach any kdc in realm
« Reply #6 on: December 14, 2017, 10:51:20 am »
pbis-open seems to be not configured / installed correctly...

Did you try it without this / did you already try to reinstall (better: purge and do a fresh install of this)?
Did you check forums / messageboards regarding such an error in pbis?

jjk_saji

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: kinit: krb5_get_init_creds: unable to reach any kdc in realm
« Reply #7 on: December 16, 2017, 05:20:10 pm »
I did by now lots of time, mostly with freshly installed Ubuntu 16.04 LTS, no luck.
I do not know where I am going wrong, or is it the issue of the OS itself. I am not sure

I am going now to do the same using Debian,  will update the status

jjk_saji

  • Zen Apprentice
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: kinit: krb5_get_init_creds: unable to reach any kdc in realm
« Reply #8 on: December 16, 2017, 07:21:27 pm »
 :)
Now I did with gui, I had to install some dependency
Quote
libgladc2
using the GUI I was able to add my ubuntu machine to the zetyal DC
Thanks