6

I'm trying to join Ubuntu Server 16.04.3 (fresh install) to AD, following the guide https://www.starwindsoftware.com/blog/ubuntu-join-a-server-to-an-active-directory-domain

The /etc/krb5.conf content is as follows:

[libdefaults]
ticket_lifetime = 24000
default_realm = mydomain.local
default_tgs_entypes = rc4-hmac des-cbc-md5
default_tkt__enctypes = rc4-hmac des-cbc-md5
permitted_enctypes = rc4-hmac des-cbc-md5
dns_lookup_realm = true
dns_lookup_kdc = true
dns_fallback = yes

[realms]
mydomain.local = {
  kdc = pdc.mydomain.local
  kdc = sdc.mydomain.local
  default_domain = pdc.mydomain.local
}

[domain_realm]
.mydomain.local = pdc.mydomain.local
mydomain.local = pdc.mydomain.local

[appdefaults]
pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
}

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

Running sudo kinit domainuser I receive the error: kinit: Improper format of Kerberos configuration file while initializing Kerberos 5 library. Googling, I found CentOS7 Kerberos Auth: Improper format of Kerberos configuration file. I have already checked the /etc/krb5.conf syntax, which has no mistakes.

Joshua Turnwell

2 Answers

2

Perhaps a simpler config for troubleshooting? (Also, pay attention to the capitalization, it is very important even though it may look arbitrary.)

[libdefaults]
  default_realm = MYDOMAIN.LOCAL
  ticket_lifetime = 24h
  renew_lifetime = 7d
  dns_lookup_realm = false

[realms]
MYDOMAIN.LOCAL = {
  kdc = pdc.mydomain.local
  kdc = sdc.mydomain.local
}

[domain_realm]
mydomain.local = MYDOMAIN.LOCAL
.mydomain.local = MYDOMAIN.LOCAL

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

If this works, you can start adding the other settings back until something breaks.

sippybear
  • 1
    Unfortunately, it did not help. The same error, but nothing in the logs. I'll try one more time from scratch. – Joshua Turnwell Jan 29 '18 at 16:20
  • 2
    @JoshuaTurnwell have you tried following the guide from Ubuntu? https://help.ubuntu.com/lts/serverguide/sssd-ad.html They use sssd to manage the connection and I've had good results in the past. Also, could you post your updated krb5.conf if it continues to complain about an improper format? – sippybear Jan 29 '18 at 23:58
2

I think you are missing a 'c'. You have default_tgs_entypes instead of default_tgs_enctypes.

Daniele Santi
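
An added example, not part of either answer or of the original page: a small Python linter that checks a krb5.conf for the two points the answers raise, misspelled [libdefaults] relation names and realm names that are not upper case. KNOWN_LIBDEFAULTS is a partial, assumed list, the sample file is a shortened copy of the question's config, and the upper-case check follows the convention used in the first answer.

```python
import difflib
import re

# [libdefaults] relations seen on this page plus a few common MIT krb5 ones.
# Partial list assumed for the example, not the full set the library accepts.
KNOWN_LIBDEFAULTS = {
    "default_realm", "default_tgs_enctypes", "default_tkt_enctypes",
    "permitted_enctypes", "dns_lookup_realm", "dns_lookup_kdc", "dns_fallback",
    "ticket_lifetime", "renew_lifetime", "forwardable",
}

# Constructed sample: a shortened copy of the question's file.
QUESTION_CONF = """\
[libdefaults]
default_realm = mydomain.local
default_tgs_entypes = rc4-hmac des-cbc-md5
default_tkt__enctypes = rc4-hmac des-cbc-md5
[realms]
mydomain.local = {
  kdc = pdc.mydomain.local
}
[domain_realm]
.mydomain.local = pdc.mydomain.local
"""

def lint_krb5_conf(text):
    """Return (line_number, message) findings for a krb5.conf string."""
    findings, section = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or line[0] in "#;":  # blank line, comment or closing brace
            continue
        if section == "libdefaults":
            if key not in KNOWN_LIBDEFAULTS:
                near = difflib.get_close_matches(key, KNOWN_LIBDEFAULTS, n=1)
                hint = f", did you mean {near[0]!r}?" if near else ""
                findings.append((n, f"unknown relation {key!r}{hint}"))
            elif key == "default_realm" and value != value.upper():
                findings.append((n, f"default_realm {value!r} is not upper case"))
        elif section == "realms" and value == "{" and key != key.upper():
            findings.append((n, f"realm name {key!r} is not upper case"))
        elif section == "domain_realm" and value != value.upper():
            findings.append((n, f"mapped realm {value!r} is not upper case"))
    return findings
```

Calling lint_krb5_conf(QUESTION_CONF) returns one finding per flagged line; a file written like the first answer's simplified config returns an empty list.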