The following error is prompted when trying to initialize krb5 with AD as shown below. The issue was I had my realm in lower case and not all parameters were fully entered.
$ kinit user@test.com
Password for user@test.com:
kinit: KDC reply did not match expectations while getting initial credentials
Solution: Ensure your krb5 file is structured this way.
– The realm is in capital letters
– Access the krb5.config file via C:\cygwin64\etc\crypto-policies\back-ends.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = TEST.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
WEBSITE.COM = {
kdc = myserver.test.com
admin_server = myserver.test.com
}
[domain_realm]
.test.com = TEST.COM
Test.com = TEST.COM Next, run the kinit command again with the domain name in upper case as shown below, the error will not be prompted and the user will be authenticated via Kerberos with AD.
For more information, see the following link.
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#kerberos