CentOS authenticating to Active Directory

[brendenm]

Has anyone setup CentOS to authenticate to Active Directory? I've found multiple articles for different distributions on how to do it but none of them have worked.

Basically I want to setup the CentOS box and have it "just like" a windows domain computer where anyone can logon to it without first having a local user created.

Right now I can't even get kinit to work with my local and domain account.

I keep getting an error "KDC reply did not match expectations while getting initial credentials"

Any help would be appreciated.

[stalione]

[b]I have AD integration working pretty well. The error that you specified is because your /etc/krb5.conf is not properly configured.
Here is how my file looks:[/b]

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = MY.DOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true

[realms]
SPDUSLISDC01.MY.DOMAIN.COM = {
kdc = spduslisdc01.my.domain.com:88
admin_server = spduslisdc01.my.domain.com:749
default_domain = my.domain.com
}

my.domain.com={
}

MY.DOMAIN.COM = {
kdc = spduslisdc01.my.domain.com
admin_server = spduslisdc01.my.domain.com
kdc = spduslisdc01.my.domain.com
}

[domain_realm]
my.domain.com = SPDUSLISDC01.MY.DOMAIN.COM
.my.domain.com = SPDUSLISDC01.MY.DOMAIN.COM
spduslisdc01.my.domain.com = SPDUSLISDC01.MY.DOMAIN.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

[b]I got this file from some site during my research...so don't ask me to explain its contents. I did not get time to look into it...it works for me and thats good enough for now.[/b]

[jbrost]

I followed this one for winbind and samba.

http://www.redmondmag.com/columns/article.asp?EditorialsID=858
--
Jim