
I need to map the Service Principal Name for a user in Active Directory from the Linux environment, where my KDC is located, to Windows.

Is there a way to map the AD user from Linux rather than mapping them using setSPN in the Windows environment?

Solution tried:

Configured krb5.conf on the Linux machine and installed krb5-user as a client on the Linux machine.

While issuing the command to add a principal name for the user using the admin user, I get this error:

testuser@linux106:~$ kadmin -p adminuser/admin@TEST.COM -q "addprinc user1/admin@TEST.COM"
Authenticating as principal adminuser/admin@TEST.COM with password.
kadmin: Client not found in Kerberos database while initializing kadmin interface

Please provide input to achieve it or tell me if I misunderstood.

Andrew Schulman
karthik

1 Answer


"Client not found in Kerberos database while initializing kadmin interface" means that the principal adminuser/admin@TEST.COM you are trying to authenticate with doesn't exist.

You can avoid authenticating by executing kadmin.local on the KDC server:

$ sudo kadmin.local

Then, use listprincs, addprinc, delprinc ... to manage your Kerberos database principals.

Is there a way to map the AD user from Linux?

There is no way to map an AD user from Linux, as the mapping AD_user <--> AD_principal only makes sense on AD servers. (*)

(*) Note that there are no Kerberos_users in a Kerberos database, just Kerberos_principals. (Or Kerberos_user = Kerberos_principal if you prefer; in any case, you can't map principals to users.)

Ra_
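The check the answer describes, scripted, as an added example that is not part of the original question or answer: before running `kadmin -p SOMEONE/admin`, confirm on the KDC host with `kadmin.local` that the principal actually exists, and list which `/admin` instances the database holds. It assumes the script runs on the KDC host with sudo rights to `kadmin.local`; the `KADMIN_CMD` variable and the function names are the example's own and can be pointed at a stub for dry runs.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumptions: MIT Kerberos KDC host, kadmin.local reachable via sudo.
# KADMIN_CMD can be overridden (e.g. with a stub) to exercise the logic
# without touching a real database.

KADMIN_CMD="${KADMIN_CMD:-sudo kadmin.local}"

# principal_exists PRINCIPAL -> returns 0 if getprinc shows it, 1 otherwise.
# kadmin.local prints "Principal: <name>" for a known principal and
# "Principal does not exist" (non-zero exit) for an unknown one.
principal_exists() {
    out=$($KADMIN_CMD -q "getprinc $1" 2>&1) || true
    case "$out" in
        *"Principal: $1"*) return 0 ;;
        *) return 1 ;;
    esac
}

# admin_instances -> prints every principal with an "admin" instance,
# i.e. the ones you would normally pass to "kadmin -p".
admin_instances() {
    $KADMIN_CMD -q listprincs 2>/dev/null | grep '/admin@'
}

# check_admin PRINCIPAL -> one-line verdict on stdout, exit 0 if usable.
# When the principal is missing, it prints the kadmin.local command that
# creates it (addprinc prompts for the password interactively).
check_admin() {
    if principal_exists "$1"; then
        echo "ok: $1 exists; 'kadmin -p $1' can authenticate with it"
        return 0
    fi
    echo "missing: $1; create it with: $KADMIN_CMD -q \"addprinc $1\""
    return 1
}
```

Typical use on the KDC: `check_admin adminuser/admin@TEST.COM` reproduces the question's failure as a "missing:" verdict instead of the less direct "Client not found in Kerberos database" message, and `admin_instances` shows which admin principals do exist.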