I am doing everything according to the instructions at
https://habr.com/ru/post/437546/ and got a ticket.
But when I try to run the command
msktutil -c -b 'CN=Тюмень/РИОДежайнейро-Центр/Компьютеры' -s HOST/HOSTNAME.rioc.local -k /etc/sssd/HOSTNAME.keytab --computer-name HOSTNAME --upn HOSTNAME$ --server dc-tymen72.rioc.local
I get these errors:
Error: ldap_sasl_interactive_bind_s failed (Can't contact LDAP server)
Error: ldap_connect failed
--> Is your kerberos ticket expired? You might try re-"kinit"ing.
--> Is DNS configured correctly? You might try options "--server" and "--no-reverse-lookups".
If I use the --no-reverse-lookups option, then:
Error: ldap_sasl_interactive_bind_s failed (Can't contact LDAP server)
Error: ldap_connect failed
--> Is your kerberos ticket expired? You might try re-"kinit"ing.
What is the problem: is it that the OU is written in Cyrillic?
/etc/krb5.conf
[libdefaults]
default_realm = RIOC.LOCAL
[realms]
RIOC.LOCAL = {
kdc = dc-tymen72
admin_server = dc-tymen72.rioc.local
default_domain = rioc.local
}
[login]
krb4_convert = true
krb4_get_tickets = false
[domain_realm]
.rioc.local = RIOC.LOCAL
rioc.local = RIOC.LOCAL