KDC reply did not match expectations while getting initial credential

Posted on Christian By Christian No Comments on KDC reply did not match expectations while getting initial credential
KDC reply error

In this article, we shall discuss the fix to “KDC reply did not match expectations while getting initial credential”. Kerberos is a network authentication protocol used to authenticate users or services in a secure way. Please see how to Set Up and Use ChatGPT in Linux Terminal, how to configure Kerberos for Ansible Authentication, and Configure Windows Admin Center on Windows Server 2019.

And kinit is a command used to obtain or renew a Kerberos ticket-granting ticket (TGT) from the Key Distribution Center (KDC).

Please see “how to Fix cannot find KDC for realm while getting initial credentials and kinit configuration file does not specify default realm. Here is how to backup Azure VM with VM Settings.

What was the error “KDC reply did not match expectation” prompted?

The following error is prompted when trying to initialize krb5 with AD as shown below. The issue was I had my realm in lower case and not all parameters were fully entered. 

$ kinit user@test.com
Password for user@test.com:
kinit: KDC reply did not match expectations while getting initial credentials

Here is “Kinit Error: Fix Malformed representation of principal when parsing name. Also, see how to fix “Request timed out and Destination Host Unreachable, Transit Failed, General Failure“.

Solution

The realm is in capital letters. Access the krb5.config file via the path:

C:\cygwin64\etc\crypto-policies\back-ends.

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = TEST.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 WEBSITE.COM = {
  kdc = myserver.test.com
  admin_server = myserver.test.com
 }

[domain_realm]
 .test.com = TEST.COM
 Test.com = TEST.COM

Next, run the kinit command again with the domain name in upper case. The error will not be prompted and the user will be authenticated via Kerberos with AD.

For more information see the following article. Please, see also, Preparation failed: Error during connect in the default daemon configuration on Windows, the docker client must be run with elevated privileges.

I hope you found this article on how to fix “KDC reply did not match expectations while getting initial credential” very useful. Please feel free to leave a comment below.

5/5 - (2 votes)
Configuration Management Tool Tags:

Related Posts

More Related Articles

screenshot 2020 04 18 at 00.01.07 Different ways to check for Ansible syntax errors Configuration Management Tool
opsworks for automate blog How to setup Chef Automate on AWS Configuration Management Tool
CI With GitLab 1 Build Docker Images with GitLab CI Automation
jmeterlogo 3 Install and conduct performance testing using Apache JMeter on your Web App Configuration Management Tool
ansible business cards 1600x0 c default Various Ansible Authentication Options Configuration Management Tool
image 42 How to Install and Setup WordPress into a cPanel and Configure Your First WordPress Theme Configuration Management Tool

Leave a Reply