Multiples Domains
ltamaster opened this issue · comments
Hi All
I have been working on setting up a winrm connection using kerberos with multiples domains.
I set on my /etc/krb5.conf setting both domains on [realms].
The connection works ok for one domain (the one set on the [libdefaults] through the attribute default_realm). But the connection fail on the other domain (using a domain user on both cases).
(this is the error that i got)
KrbException: Fail to create credential. (63) - No service creds
When i changed for example the default_realm from Domain1 to Domain2, now the connection of Domain2 works (but Domain1 fail with the same error).
Also i tested removing the default_realm, and i that case both connections fails with 401 error.
WinRM Error: Unexpected HTTP response on http://WIN-CR6637OIDK9:5985/wsman: (401)
I would like to know what i am missing on my /etc/krb5.conf in order to make both domains work together.
Thanks
[libdefaults]
default_realm = DOMAIN1.LOCAL
[realms]
DOMAIN1.LOCAL={
kdc = SERVER.DOMAIN1.LOCAL
default_domain=DOMAIN1.LOCAL
}
DOMAIN2.LOCAL={
kdc = SERVER2.DOMAIN2.LOCAL
default_domain=DOMAIN2.LOCAL
auth_to_local_names=DOMAIN2.LOCAL
}
[domain_realm]
.domain1.local = .DOMAIN1.LOCAL
domain1.local = DOMAIN1.LOCAL
.domain2.local = .DOMAIN2.LOCAL
domain2.local = DOMAIN2.LOCAL