<div dir="ltr"><div>After the initial setup of a trust I'm attempting to get kerberos tickets against the AD domain.</div><div><br></div><div>Step 12 in this document: <a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html">https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/trust-diff-dns-domains.html</a> says:</div>
<div><br></div><div><div>Then, request service tickets for services within the Active Directory domain.</div><div>[root@ipaserver ]# kvno cifs/adserver.adexample.com@AD.DOMAIN</div><div>If the Active Directory service ticket is succcessfully granted, then there will be a cross-realm TGT listed with all of the other requested tickets. This will have the name krbtgt/AD.DOMAIN@IPA.DOMAIN.</div>
</div><div><br></div><div>I get an error back:</div><div><div># kvno cifs/dc1.miovision.corp@MIOVISION.CORP</div><div>kvno: Server not found in Kerberos database while getting credentials for cifs/dc1.miovision.corp@MIOVISION.CORP</div>
</div><div><br></div><div>But I do have a krbtgt ticket/AD domain:</div><div><br></div><div><div># klist</div><div>Ticket cache: FILE:/tmp/krb5cc_0</div><div>Default principal: sdainard-root@MIOLINUX.CORP</div><div><br></div>
<div>Valid starting     Expires            Service principal</div><div>02/05/14 14:21:06  02/06/14 14:21:06  krbtgt/MIOLINUX.CORP@MIOLINUX.CORP</div><div>02/05/14 14:21:17  02/06/14 14:21:06  host/ipa1.miolinux.corp@MIOLINUX.CORP</div>
<div>02/05/14 14:21:20  02/06/14 14:21:06  krbtgt/MIOVISION.CORP@MIOLINUX.CORP</div></div><div><br></div><div>Also, is it normal to not find the Linux realm listed in the domain trust list on the AD DC?</div><div><br></div>
<div><br></div><br clear="all"><div><div dir="ltr"><span style="font-family:arial,sans-serif;font-size:16px"><strong>Steve Dainard </strong></span><span style="font-size:12px"></span><br>
<span style="font-family:arial,sans-serif;font-size:12px">IT Infrastructure Manager<br>
<a href="http://miovision.com/" target="_blank">Miovision</a> | <em>Rethink Traffic</em><br>
519-513-2407 ex.250<br>
877-646-8476 (toll-free)<br>
<br>
<strong style="font-family:arial,sans-serif;font-size:13px;color:rgb(153,153,153)"><a href="http://miovision.com/blog" target="_blank">Blog</a>  |  </strong><font color="#999999" style="font-family:arial,sans-serif;font-size:13px"><strong><a href="https://www.linkedin.com/company/miovision-technologies" target="_blank">LinkedIn</a>  |  <a href="https://twitter.com/miovision" target="_blank">Twitter</a>  |  <a href="https://www.facebook.com/miovision" target="_blank">Facebook</a></strong></font> </span>
<hr style="font-family:arial,sans-serif;font-size:13px;color:rgb(51,51,51);clear:both">
<div style="color:rgb(153,153,153);font-family:arial,sans-serif;font-size:13px;padding-top:5px">
        <span style="font-family:arial,sans-serif;font-size:12px">Miovision Technologies Inc. | 148 Manitou Drive, Suite 101, Kitchener, ON, Canada | N2C 1L3</span><br>
        <span style="font-family:arial,sans-serif;font-size:12px">This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.</span></div>
</div></div>
</div>