Centos 8 + Windows domain authentication

How complex is joining a windows domain to authenticate on a Centos 8 server? very freaking hard. Welcome in 2020, everything is on fire and we are still locked up.

This is a collection of debug attempts to get my Proxmox container, test Centos 8 server authenticate against a domain. For ssh access.

 

kinit

normal use :

kinit [email protected]

Error : Invalid UID in persistent keyring

kinit: Invalid UID in persistent keyring name while getting default ccache

Solution : comment # default_ccache_name = KEYRING:persistent:%{uid} on
/etc/krb5.conf
by brunowego

note : this solution from RedHat, is just a syntax error. (not a real solution)

 

kinit: KDC reply did not match expectations while getting initial credentials

This happened during test of kinit -v

kinit -V [email protected]
Using default cache: /tmp/krb5cc_0
Using principal: [email protected]
Password for  [email protected]
kinit: KDC reply did not match expectations while getting initial credentials

The issue was here I had to use AD.DOMAIN.COM

kinit: Password incorrect while getting initial credentials
wrong password during kinit -v [email protected]

klist

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting Expires Service principal
08/19/2020 16:50:08 08/20/2020 02:50:08 krbtgt/[email protected]
renew until 08/25/2020 16:50:08