[Freeipa-users] How to check IPA <--> AD trust from command line

Sumit Bose sbose at redhat.com
Tue Jan 6 17:03:21 UTC 2015


On Tue, Jan 06, 2015 at 07:52:20PM +0300, Ben .T.George wrote:
> Hi
> 
> I tried on IPA server and below is my output:
> 
> [root at kwtpocpbis01 ~]# kinit adm-ben.george at kwttestdc.com
> Password for adm-ben.george at kwttestdc.com:
> kinit: KDC reply did not match expectations while getting initial
> credentials
> 
> How can I troubleshoot this issue?

The argument to kinit is a Kerberos principal, which kinit handles
case-sensitively. To get around the error message either use

kinit -C adm-ben.george at kwttestdc.com

or

kinit adm-ben.george at KWTTESTDC.COM

(typically the realm part is upper-case; if your user name contains
upper-case letters as well, you should use them here too. If you
don't know, 'kinit -C' might be the better solution)

HTH

bye,
Sumit
> 
> Thanks & Regards,
> Ben
> 
> 
> On Tue, Jan 6, 2015 at 6:41 PM, Sumit Bose <sbose at redhat.com> wrote:
> 
> > On Tue, Jan 06, 2015 at 07:19:15AM -0700, Rich Megginson wrote:
> > > On 01/05/2015 08:35 PM, Ben .T.George wrote:
> > > >
> > > >Hi List,
> > > >
> > > >How to check the IPA <-> Active Directory trust relationship? I just want to
> > > >confirm my IPA server is working fine.
> > >
> > > On an IPA server or client machine:
> > > $ kinit adusername at ADDOMAIN.COM
> > > Password: aduserpassword
> > >
> > > If there are no AD users yet, you can try with administrator at ADDOMAIN.COM
> > > assuming you have the AD admin password.
> >
> > Additionally, you have to check if the AD user can get a ticket for an IPA
> > service, e.g. after calling kinit with the AD user, call
> >
> > kvno ldap/ipaserver.ipa.domain at IPA.DOMAIN
> >
> > bye,
> > Sumit
> >
> > >
> > > >
> > > >Regards,
> > > >Ben
> > > >
> > > >
> > >
> >
> > > --
> > > Manage your subscription for the Freeipa-users mailing list:
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > Go To http://freeipa.org for more info on the project
> >
> >
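
The two-step check described in this thread (kinit as the AD user, then kvno for an IPA service), as an added example that is not part of the original messages. The function names are hypothetical, the principals in the usage comment are the placeholders used above, and the archive's " at " is written as "@".

```shell
#!/bin/sh
# Added example: scripted form of the kinit + kvno trust check from the thread.

# Upper-case only the realm (text after the last '@'); the user part is
# left as typed because kinit compares it case-sensitively as well.
normalize_principal() {
    case "$1" in
        *@*) ;;
        *) printf '%s\n' "$1"; return 0 ;;
    esac
    realm=$(printf '%s' "${1##*@}" | tr '[:lower:]' '[:upper:]')
    printf '%s@%s\n' "${1%@*}" "$realm"
}

# Classify a kinit error line; only the message quoted in this thread is known.
explain_kinit_error() {
    case "$1" in
        *"KDC reply did not match expectations"*) echo "principal-case-mismatch" ;;
        *) echo "unknown" ;;
    esac
}

# check_trust AD_PRINCIPAL IPA_SERVICE_PRINCIPAL
check_trust() {
    princ=$(normalize_principal "$1")
    errfile=$(mktemp)
    KRB5CCNAME="FILE:$(mktemp)"; export KRB5CCNAME   # stay out of the default cache
    if ! kinit "$princ" 2>"$errfile"; then
        cat "$errfile" >&2
        if [ "$(explain_kinit_error "$(cat "$errfile")")" = "principal-case-mismatch" ]; then
            echo "hint: check the case of user and realm, or retry with 'kinit -C'" >&2
        fi
        rm -f "$errfile"; return 1
    fi
    rm -f "$errfile"
    # The TGT came from the AD KDC; the service ticket for an IPA service is
    # the step that actually exercises the trust.
    kvno "$2" || { echo "no service ticket for $2" >&2; kdestroy; return 2; }
    klist
    kdestroy
}

# Runs only when both arguments are given, e.g. (placeholder names):
#   sh check_trust.sh adusername@addomain.com ldap/ipaserver.ipa.domain@IPA.DOMAIN
if [ "$#" -eq 2 ]; then
    check_trust "$1" "$2"
fi
```
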



