How To Fix Client Not Found In Kerberos Database During Initialization

 

If you find that the client cannot be found in the Kerberos database when you receive the initial error message on your computer, you should familiarize yourself with these recovery ideas.

Recommended

  • 1. Download ASR Pro
  • 2. Follow the on-screen instructions to run a scan
  • 3. Restart your computer and wait for it to finish running the scan, then follow the on-screen instructions again to remove any viruses found by scanning your computer with ASR Pro
  • Speed up your PC today with this easy-to-use download.

     

     

    I am installing Squid3 Ubuntu directly on 14.10 and want to assimilate it with ADDS on Windows Server 2012 with Kerberos 5.My infrastructure looks like this:

    Address

      192.168.1.250 Netmask 255.255.255.0 Gateway 192.168.1.1 

    Address

      192.168.1.251Netmask 255.255.255.0Gateway 192.168.1.1DNS lookup for mondomaine.comDNS name server 192.168.1.2 

    Step 1. Check DNS lookup: works both forward and backward.

      $ sudo stop ntp solution  $ sudo ntpdate -b dc.mydomain.com  $ sudo initial provider 

    Recommended

    Is your PC running slow? Do you have problems starting up Windows? Don't despair! ASR Pro is the solution for you. This powerful and easy-to-use tool will diagnose and repair your PC, increasing system performance, optimizing memory, and improving security in the process. So don't wait - download ASR Pro today!

  • 1. Download ASR Pro
  • 2. Follow the on-screen instructions to run a scan
  • 3. Restart your computer and wait for it to finish running the scan, then follow the on-screen instructions again to remove any viruses found by scanning your computer with ASR Pro

  • Step ntp 3. Install the Kerberos client libraries and set the Kerberos domain name directly to MYDOMAIN.COM

      $ sudo apt-get install krb5-user 
      [libdefaults]default_realm corresponds to MYDOMAIN. lumpdefault_tgs_enctypes implies rc4-hmac des3-hmac-sha1default_tkt_enctypes is rc4-hmac des3-hmac-sha1 
      $ kinit [email protected]$ klist 

    Step: 5 Create a specialized user in Active Directory and map this tonice user with Kerberos key names

      c: /> ktpass -princ HTTP/[email protected] -mapuser [email protected] -crypto rc4-hmac-nt -pass P @ ssw0rd -ptype KRB5_NT_PRINCIPAL_T_T krb keytab 

      [libdefaults]default_realm = MYDOMAIN.COMdefault_tgs_enctypes = rc4.hmac des3-hmac.sha1default_tkt_enctypes = rc4.hmac des3-hmac.sha1[Enough]MONDOMAINE.COM =kdc = dc.myomain.comadmin_server = dc.myomain.comdefault_domain = myomain.com[domain_domain].mydomain.com = MYDOMAIN.COMmondomaine.com = MONDOMAINE.COM 
      $ kinit -V -k -t /etc/krb5.keytab HTTP/[email protected] 
      Use standard cache: / tmp / krb5cc_0Use the principal: http/[email protected] keytab: /etc/krb5.keytabkinit: client 'HTTP/[email protected]' could not be found via Kerberos database when getting initial credentials 
      $ kinit -k 
      kinit: domain (main host / vmproxy @) could not be determined 
     kinit: client was not found in Kerberos database when getting initial credentials 
    1. I am using a Windows Server 2003 domain controller as a remote LDAP machine, a Tomcat application (on Linux) and an IIS application as a client, and an Apache mass balancer.
    2. There is a multi-domain witheditors: russia.domain.net, europa.domain.net, asia.domain.net;
    3. Tomcat IIS and the server run behind any type of proxy (Apache on Linux).
    4. Two DNS Type A records were created for reasons. All DNS uses the Apache proxy IP address:
    • application-sandbox.russia.domain.net
    • applicationweb-sandbox.russia.domain.net

    1. Create a EUROPE user factor in the domain and manage delegation for it:

    setspn.exe -L ServicePrincipalNames europe application_sandbox
    registered for cooperation with CN = kxxb999, OU = Users, DC = europe, DC = domain, DC = net:
    HTTP / Application Staging Environment
    http / application-sandbox.russia.domain.net

    client not found in kerberos database while getting initial

    ktpass / princ HTTP / application-sandbox.russia.domain.net: @ RUSSIA.DOMAIN.NET / ptype krb5_nt_principal / crypto rc4-hmac-nt / mapuser EUROPE application_sandbox / out application_sandbox.keytab -kvno 0 / Pa $$ w0rd

     Get-ADUser -Identity appication_sandbox -Properties CN, ServicePrincipalNames, UserPrincipalNameCN - kxxb999DistinguishedName> CN = kxxb999, OU = Users, DC = europe, DC = domain, DC = netActively trueName :             :The name `kxxb999ObjectClass: userSam account name: application_sandboxServicePrincipalNames: HTTP / Application Sandbox, HTTP / Application Sandbox.russia.domain. networkName: - application_sandboxUserPrincipalName: HTTP/[email protected]

    4. Please note that CN and company useThe publisher who has connected to the network is different. SPN is registered for DNS login.

    client not found in kerberos database while getting initial

    There is no computer in the application-sandbox.russia.domain.net field. This is your DNS record for the application.

    5. Then I copy the keytab file in Linux technology, configure the krb5.conf file and try to get the TGT for the registered root name.

     [libdefaults]default_realm = EUROPE.DOMAIN.NETdns_lookup_realm = falsedns_lookup_kdc means falsedefault_tkt_enctypes = rc4-hmacdefault_tgs_enctypes = rc4-hmac[Enough]RUSSIA.DOMAIN.NET complies with                        kdc is incredibly similar to dc01.russia.domain.net                        admin_server Dc01 = .russia.domain.net                        default_domain is the same as russia.domain.net                EUROPE.DOMAIN.NET complies with                        kdc is incredibly similar to dc01.europe.domain.net                        admin_server Dc01 = .europe.domain.net                        default_domain is equal to europe.domain.net                [domain_domain]europe.domain.net = EUROPA.DOMAINE.NET.europe.domain.net = EUROPA.DOMAIN.NETrussia.domain.net = RUSSIA.DOMAIN.NET.russia.domain.net = RUSSIA.DOMAIN.NET[Application default settings]Auto connect = trueforward onPortable = means trueencrypt = true 

    client not found in kerberos database while getting initial

     klist -e -k -t application_sandbox.keytabKeytab name: FILE: application_sandbox.keytabTimestamp KVNO ----------------- Home---- ---------------------------------------------- - ------- ----- ----------   no 01.01.70 01:00:00 HTTP/[email protected] (arcfour-hmac) 
     kinit -V -k -n application_sandbox.keytab HTTP/[email protected] standard cache: / tmp / krb5cc_0Use the idea: HTTP/[email protected] keytab: application_sandbox.keytabkinit: client is not counted in the Kerberos database on initial ID selection 

    But if I use the SamAccountName call with the kinit command, I can buy a TGT ticket:

     [root @ localhost security] # kinit application_sandboxPassword for [email protected]:[root @ security localhost] # listTicket cache: FILE: / tmp / krb5cc_0Default principal: [email protected] valid service principal expires06/30/14 4:37:41 AM July 1, 2014 02:37:38 AM krbtgt/[email protected]        renew sooner or later 07/01/14 16:37:41

     

     

    Speed up your PC today with this easy-to-use download.

     

     

     

    Client Introuvable Dans La Base De Donnees Kerberos Lors De L Obtention Initiale
    Client Beim Initialisieren Nicht In Der Kerberos Datenbank Gefunden
    Cliente Nao Encontrado No Banco De Dados Kerberos Ao Obter O Inicial
    Client Niet Gevonden In Kerberos Database Tijdens Het Ophalen Van Initial
    Client Non Trovato Nel Database Kerberos Durante L Ottenimento Dell Iniziale
    Klient Ne Najden V Baze Dannyh Kerberos Pri Poluchenii Nachalnogo
    Cliente No Encontrado En La Base De Datos Kerberos Al Obtener La Inicial
    초기 데이터를 가져오는 동안 Kerberos 데이터베이스에서 클라이언트를 찾을 수 없습니다
    Klient Nie Zostal Znaleziony W Bazie Danych Kerberos Podczas Pobierania Poczatkowego
    Klienten Hittades Inte I Kerberos Databasen Nar Den Startade