Giters

xebialabs / overthere

Runs something "Over there"

Home Page:http://www.xebialabs.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Multiples Domains

ltamaster opened this issue · comments

commented

Hi All

I have been working on setting up a winrm connection using kerberos with multiples domains.
I set on my /etc/krb5.conf setting both domains on [realms].

The connection works ok for one domain (the one set on the [libdefaults] through the attribute default_realm). But the connection fail on the other domain (using a domain user on both cases).

(this is the error that i got)
KrbException: Fail to create credential. (63) - No service creds

When i changed for example the default_realm from Domain1 to Domain2, now the connection of Domain2 works (but Domain1 fail with the same error).

Also i tested removing the default_realm, and i that case both connections fails with 401 error.

WinRM Error: Unexpected HTTP response on http://WIN-CR6637OIDK9:5985/wsman: (401)

I would like to know what i am missing on my /etc/krb5.conf in order to make both domains work together.

Thanks

[libdefaults]
default_realm = DOMAIN1.LOCAL

[realms]
DOMAIN1.LOCAL={
kdc = SERVER.DOMAIN1.LOCAL
default_domain=DOMAIN1.LOCAL
}

DOMAIN2.LOCAL={
kdc = SERVER2.DOMAIN2.LOCAL
default_domain=DOMAIN2.LOCAL
auth_to_local_names=DOMAIN2.LOCAL
}

[domain_realm]
.domain1.local = .DOMAIN1.LOCAL
domain1.local = DOMAIN1.LOCAL
.domain2.local = .DOMAIN2.LOCAL
domain2.local = DOMAIN2.LOCAL