Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-12108

[RFE] Error "KDC reply did not match expectations" should contain more information.

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • rhel-9.0.0
    • krb5
    • None
    • rhel-idm-uah
    • ssg_idm
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None
    • 57,005

      Description of problem:

      We have number of cases and case comments where kinit and realm join fails with error "KDC reply did not match expectations" due to the use of lower case realm. So we need to use realm in Upper case for kinit and realm join to succeed.

      It would be really helpful if we can add some more information to error "KDC reply did not match expectations"

      How reproducible:

      • Joining system to AD using below command fails
      1. realm join domain-name --user=username@domain-name -vvv
      • kinit fails when below command is used
      1. kinit username@domain-name

      Actual results:

      1]

      1. realm join domain-name --user=username@domain-name -vvv
        ..
        ..
        ! Couldn't get kerberos ticket for: admin-peterson@pffcu.org: KDC reply did not match expectations
        adcli: couldn't connect to pffcu.org domain: Couldn't get kerberos ticket for: admin-peterson@pffcu.org: KDC reply did not match expectations
        Please check
        https://red.ht/support_rhel_ad
        to get help for common issues.
        ! Failed to join the domain
        realm: Couldn't join realm: Failed to join the domain
        Please check
        https://red.ht/support_rhel_ad
        to get help for common issues.

      2]

      1. kinit username@domain-name
        Password for username@domain-name:
        kinit: KDC reply did not match expectations while getting initial credentials

      Above kinit error does not give exact information.

      Expected results:

      Error "KDC reply did not match expectations" should give more information.

      Example "KDC reply did not match expectations, try UPPERCASE realm or use shortname (without @domain_name)

      Additional info:

      If we are able to add more information to the error it will be really helpful to reduce the large number of cases and case comments that support receives for this error.

      IMPACT :
      A quick search on SFDC gives me around 75 cases and KCS solutions #5592351 and #871613 has around 25 cases attached to each.

              jrische@redhat.com Julien Rische
              rhn-support-bthekkep Bijesh Thekkepat (Inactive)
              Julien Rische Julien Rische
              Michal Polovka Michal Polovka
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: