Contributor
Posts: 34
Registered: ‎10-04-2017

AD Trust with multiple domains

Hi,

 

We have two AD domains for users and a new domain for each cluster (we have 21 clusters), as below.

 

dev: dev.SUK.PRE.CORP

pre: pre.SUK.PRE.CORP

prod: SUK.CORP

user domains: PRUK.PUK.CORP,SAUK.SUK.CORP

test: prepuk.puk.pre.corp

 

As of now, we created trust between all cluster domains individually at the AD. Now we want to change this to parent level. I have configured my krb5 as below to work with my test parent domain so that we can switch to the actual domain if successful. But it always fails with no service credential. I have created krbtgt and the AD has created the trust as well. Am I missing anything?

 

[libdefaults]
default_realm = DEV.SUK.PRE.CORP
dns_lookup_kdc = true
dns_lookup_realm = true
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts aes128-cts aes256-cts-hmac-sha1-96
default_tkt_enctypes = aes256-cts aes128-cts aes256-cts-hmac-sha1-96
permitted_enctypes = aes256-cts aes128-cts aes256-cts-hmac-sha1-96
udp_preference_limit = 1
kdc_timeout = 2000

[realms]

DEV.SUK.PRE.CORP = {
kdc = xxxxxxxxx.dev.suk.pre.corp
kdc = xxxxxxxxxx.dev.suk.pre.corp
kdc = xxxxxxxx.dev.suk.pre.corp
admin_server = xxxxxxxxx.dev.suk.pre.corp
default_domain = prepuk.puk.pre.corp
}

 

[domain_realm]

.prepuk.puk.pre.corp = DEV.SUK.PRE.CORP
prepuk.puk.pre.corp = DEV.SUK.PRE.CORP

 

Contributor
Posts: 34
Registered: ‎10-04-2017

Re: AD Trust with multiple domains

Of course I did add the kdc of prepuk.puk.pre.corp in the conf file. It's not pasted here for security reasons.
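Added example, not part of the original posts: a small Python checker that reports which realm the posted [domain_realm] entries assign to a host name (exact host entry first, then parent domains written with a leading dot, as the MIT krb5 documentation describes) and whether that realm has a kdc line in [realms]. The KDC name kdc1.dev.suk.pre.corp and the host names passed to check() are placeholders, since the post redacts the real ones.

```python
import re

# Constructed sample: the [realms] and [domain_realm] parts of the posted
# krb5.conf, with a placeholder KDC host name (the post redacts the real ones).
SAMPLE = """
[realms]
DEV.SUK.PRE.CORP = {
kdc = kdc1.dev.suk.pre.corp
}
[domain_realm]
.prepuk.puk.pre.corp = DEV.SUK.PRE.CORP
prepuk.puk.pre.corp = DEV.SUK.PRE.CORP
"""

def parse(text):
    """Return ({realm: [kdc, ...]}, {host-or-domain: realm}) from krb5.conf text."""
    section, realm, realms, mapping = None, None, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                    # new [section]
            section, realm = m.group(1), None
        elif line == "}":                        # end of a realm stanza
            realm = None
        elif "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            if section == "realms" and val == "{":
                realm = key
                realms[realm] = []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(val)
            elif section == "domain_realm":
                mapping[key.lower()] = val
    return realms, mapping

def realm_for_host(host, mapping):
    """Exact host entry first, then each parent domain with a leading dot."""
    labels = host.lower().split(".")
    names = [".".join(labels)] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for name in names:
        if name in mapping:
            return mapping[name]
    return None  # no static mapping: the library falls back to KDC referrals

def check(host, text=SAMPLE):
    """Return (realm the client will use for host, realm has a static kdc entry)."""
    realms, mapping = parse(text)
    realm = realm_for_host(host, mapping)
    return realm, bool(realms.get(realm))
```

With dns_lookup_kdc = true, as in the posted file, a realm without a static kdc line can still be located through DNS SRV records, so a False second value only means the file itself names no KDC for that realm.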