Kinit error on Ubuntu server

I configured Squid Proxy in conjunction with Kerberos authentication in an  Active Directory Domain. During my Tests I used kinit to check my Kerberos ticket on the Ubuntu Server and got the following error message:

kinit: Client not found in Kerberos database while getting initial credentials

The reason was two identical SPNs (Service Principal Names) in the Active Directory. To find them I checked the Active Directory for double SPNs with the setspn command and the -x parameter:

setspn -x

This command checks the Active Directory for identical SPNs and list them.

The command showed me two entries for my Squid Proxy account svcSquid. I deleted both of them with the setspn command and the -D Parameter:

setspn -D HTTP/squid.contoso.com contoso\svcSquid

Then I recreated the SPN with setspn and the -A Parameter:

setspn -A HTTP/squid.contoso.com contoso\svcSquid

I checked the SPNs once again with the setspn and the -x Parameter and it showed no results meaning there are no identical SPNs. After this modification I was able to use kinit command to receive a ticket on the Ubuntu server.

Leave a Reply

Your email address will not be published. Required fields are marked *