我在 CentOS 6.3 对 2008R2 AD DC 进行身份验证的这个线程中描述了一个非常相似的问题。
这是我的 krb5.conf,我知道 XXXXXXX.LOCAL 是真正的域名:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = XXXXXXX.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
verify_ap_req_nofail = false
[realms]
XXXXXXX.LOCAL = {
kdc = ad1.XXXXXXX.local
kdc = ad2.XXXXXXX.local
admin_server = ad1.XXXXXXX.local
default_domain = XXXXXXX.LOCAL
}
[domain_realm]
.XXXXXXX.local = XXXXXXX.LOCAL
XXXXXXX.local = XXXXXXX.LOCAL
.XXXXXXX.com = XXXXXXX.LOCAL
XXXXXXX.com = XXXXXXX.LOCAL
当我做一个:
kinit …