Kerberos Authentication for multiple domains with no common dns
by Ramya1999 from LinuxQuestions.org on (#6PZ3J)
We have created a container image and are running our playbooks through that execution environment.
There are 4 domains:
example1 domain has ex1 ip
example2 and example3 are currently working under the same ex2 ip
example4 domain has ex3 ip
This is my krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Realm names are case-sensitive and must match the [realms] block exactly
default_realm = EXAMPLE1.NET
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
EXAMPLE1.NET = {
kdc = HOSTNAME.example1.net
admin_server = HOSTNAME.example1.net
}
EXAMPLE2.NET = {
kdc = HOSTNAME.example2.net
admin_server = HOSTNAME.example2.net
}
EXAMPLE3.NET = {
kdc = HOSTNAME.example3.net
admin_server = HOSTNAME.example3.net
}
EXAMPLE4.NET = {
kdc = HOSTNAME.example4.net
admin_server = HOSTNAME.example4.net
}
[domain_realm]
# Every mapping must point at a realm defined above, with the same case
.example1.net = EXAMPLE1.NET
example1.net = EXAMPLE1.NET
.example2.net = EXAMPLE2.NET
example2.net = EXAMPLE2.NET
.example3.net = EXAMPLE3.NET
example3.net = EXAMPLE3.NET
.example4.net = EXAMPLE4.NET
example4.net = EXAMPLE4.NET
My resolv.conf:
nameserver ex1
nameserver ex2
nameserver ex3
Now, the problem is that if I alter resolv.conf so that ex1 is on the 2nd line, then it is not able to connect; the error is: Cannot contact any KDC for realm 'example1' while getting initial credentials.
If I keep it on the 1st line then it works. Again, for ex3 (i.e., example4) it is not working on the 3rd line; if I keep it on the 1st line it is pinging. Please help, it has been more than 1 month and I am not able to resolve this.
I'm able to nslookup, and kinit is also working for all the domains.
And from the /etc/hosts file it's not working, so I am just trying with the resolv.conf file.
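As an added example (not from the original post), the check below parses a krb5.conf in the shape posted above and reports realm names that default_realm or [domain_realm] reference but that have no matching [realms] block; Kerberos realm names are case-sensitive, so a mapping such as example3.net = example3.NET silently points at a realm with no configured KDC. The sample config is constructed here, with placeholder hostnames.

```python
# Added example: consistency check for realm names in a krb5.conf.
# Realm names are case-sensitive; a default_realm or [domain_realm] value that
# does not match a [realms] block exactly refers to a realm with no KDC.
import re

# Constructed sample modelled on the posted krb5.conf (hostnames are placeholders).
SAMPLE_KRB5_CONF = """\
[libdefaults]
default_realm = example1.net
dns_lookup_kdc = false
[realms]
EXAMPLE1.NET = {
kdc = HOSTNAME.example1.net
}
EXAMPLE3.NET = {
kdc = HOSTNAME.example3.net
}
[domain_realm]
.example3.net = EXAMPLE3.NET
example3.net = example3.NET
"""

def parse_krb5_conf(text):
    """Return {section: [(key, value), ...]}; a realm block header becomes (REALM, '{')."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        m = re.match(r"\[(\w+)\]$", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or line == "}":
            continue
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current].append((key, value))
    return sections

def find_realm_mismatches(text):
    """Realm names referenced by default_realm or [domain_realm] but not defined in [realms]."""
    sections = parse_krb5_conf(text)
    defined = {k for k, v in sections.get("realms", []) if v == "{"}
    referenced = [v for k, v in sections.get("libdefaults", []) if k == "default_realm"]
    referenced += [v for _, v in sections.get("domain_realm", [])]
    return sorted({r for r in referenced if r not in defined})

if __name__ == "__main__":
    for realm in find_realm_mismatches(SAMPLE_KRB5_CONF):
        print(f"realm {realm!r} is referenced but has no matching [realms] block")
```

On the sample it flags example1.net and example3.NET, the two case mismatches that the posted configuration also contains.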