KDC reply did not match expectations while getting initial credential

Posted on IT Expert By IT Expert No Comments on KDC reply did not match expectations while getting initial credential
KDC reply error

In this article, we shall discuss the fix to “KDC reply did not match expectations while getting initial credential”. Kerberos is a network authentication protocol used to authenticate users or services in a secure way. Please see how to Set Up and Use ChatGPT in Linux Terminal, how to configure Kerberos for Ansible Authentication, and Configure Windows Admin Center on Windows Server 2019.

And kinit is a command used to obtain or renew a Kerberos ticket-granting ticket (TGT) from the Key Distribution Center (KDC).

Please see “how to Fix cannot find KDC for realm while getting initial credentials and kinit configuration file does not specify default realm. Here is how to backup Azure VM with VM Settings.

What was the error “KDC reply did not match expectation” prompted?

The following error is prompted when trying to initialize krb5 with AD as shown below. The issue was I had my realm in lower case and not all parameters were fully entered. 

$ kinit user@test.com
Password for user@test.com:
kinit: KDC reply did not match expectations while getting initial credentials

Here is “Kinit Error: Fix Malformed representation of principal when parsing name. Also, see how to fix “Request timed out and Destination Host Unreachable, Transit Failed, General Failure“.

Solution

The realm is in capital letters. Access the krb5.config file via the path:

C:\cygwin64\etc\crypto-policies\back-ends.

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = TEST.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 WEBSITE.COM = {
  kdc = myserver.test.com
  admin_server = myserver.test.com
 }

[domain_realm]
 .test.com = TEST.COM
 Test.com = TEST.COM

Next, run the kinit command again with the domain name in upper case. The error will not be prompted and the user will be authenticated via Kerberos with AD.

For more information see the following article. Please, see also, Preparation failed: Error during connect in the default daemon configuration on Windows, the docker client must be run with elevated privileges.

I hope you found this article on how to fix “KDC reply did not match expectations while getting initial credential” very useful. Please feel free to leave a comment below.

5/5 - (2 votes)
Configuration Management Tool Tags:

Related Posts

More Related Articles

aptira ansible 1 The module ping was not found in configured module paths, core modules are missing Configuration Management Tool
Create S3 Bucket with Terraform Create an S3 Bucket with Terraform AWS/Azure/OpenShift
How to download install and use Kitty SSH Client on Windows How to Download and Use KiTTY SSH Client on Windows Configuration Management Tool
ansible logo600 591x296 1 Ansible_user=UNREACHABLE {Failed to connect to the host via SSH: SSH: Could not resolve hostname (Name or service not known, unreachable true) Configuration Management Tool
sonarlite How to Setup SonarLint in VS Code for Your App Project Configuration Management Tool
Implement Azure Bicep How to Deploy Azure Resources Using Azure Bicep Automation

Leave a Reply