Error – kinit: KDC reply did not match expectations while getting initial credentials

The following error appears when trying to get initial Kerberos (krb5) credentials from AD with kinit, as shown below. In my case, the cause was that my realm was in lower case and not all parameters were fully entered.

$ kinit user@test.com
Password for user@test.com:
kinit: KDC reply did not match expectations while getting initial credentials

Solution: Ensure your krb5 file is structured this way.
– The realm is in capital letters
– Access the krb5.config file via C:\cygwin64\etc\crypto-policies\back-ends.

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = TEST.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 TEST.COM = {
  kdc = myserver.test.com
  admin_server = myserver.test.com
 }

[domain_realm]
 .test.com = TEST.COM
 test.com = TEST.COM

Next, run the kinit command again with the domain name in upper case (user@TEST.COM). The error no longer appears and the user is authenticated via Kerberos with AD.
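
The checks described above can be run before retrying kinit. The following Python lint is an added example, not part of the original post: the function names and the sample config are constructed for illustration, and the upper-case rule assumes the AD realm convention this post relies on.

```python
import re

# Constructed sample config using the post's placeholder names.
SAMPLE = """[libdefaults]
 default_realm = TEST.COM
[realms]
 TEST.COM = {
  kdc = myserver.test.com
 }
[domain_realm]
 .test.com = TEST.COM
"""

def parse_krb5(text):
    """Parse [libdefaults], [realms] and [domain_realm] into nested dicts."""
    cfg = {"libdefaults": {}, "realms": {}, "domain_realm": {}}
    section = realm = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, realm = header.group(1), None
        elif "=" in line and section in cfg:
            key, value = (part.strip() for part in line.split("=", 1))
            if section != "realms":
                cfg[section][key] = value
            elif value == "{":  # start of a realm stanza
                realm = key
                cfg["realms"][realm] = {}
            elif realm:  # setting inside the current realm stanza
                cfg["realms"][realm][key] = value
    return cfg

def lint_krb5(text, principal):
    """List realm problems for the principal that would be passed to kinit."""
    cfg, findings = parse_krb5(text), []
    default = cfg["libdefaults"].get("default_realm", "")
    requested = principal.rpartition("@")[2] if "@" in principal else default
    for label, name in (("default_realm", default), ("principal realm", requested)):
        if name != name.upper():
            findings.append(f"{label} '{name}' is not upper case")
        if name.upper() not in cfg["realms"]:
            findings.append(f"{label} '{name}' has no [realms] stanza")
    findings += [f"realm '{r}' has no kdc"
                 for r, body in cfg["realms"].items() if "kdc" not in body]
    findings += [f"domain_realm '{d}' maps to undefined realm '{r}'"
                 for d, r in cfg["domain_realm"].items() if r not in cfg["realms"]]
    return findings
```

Calling lint_krb5 with the contents of the krb5 file and the principal typed at the kinit prompt returns an empty list when the realm settings are consistent.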

For more information, see the following link.
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#kerberos