Registered: ‎10-04-2017

AD Trust with multiple domains



We have two AD domains for users and a new domain for each cluster (we have 21 clusters), as below.


dev: dev.SUK.PRE.CORP

pre: pre.SUK.PRE.CORP

prod: SUK.CORP


test: prepuk.puk.pre.corp


As of now, we have created trusts between all cluster domains individually at the AD. Now we want to change this to the parent level. I have configured my krb5 as below to work with my test parent domain so that we can switch to the actual domain if successful. But it always fails with no service credential. I have created krbtgt and the AD has created the trust as well. Am I missing anything?


[libdefaults]
default_realm = DEV.SUK.PRE.CORP
dns_lookup_kdc = true
dns_lookup_realm = true
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts aes128-cts aes256-cts-hmac-sha1-96
default_tkt_enctypes = aes256-cts aes128-cts aes256-cts-hmac-sha1-96
permitted_enctypes = aes256-cts aes128-cts aes256-cts-hmac-sha1-96
udp_preference_limit = 1
kdc_timeout = 2000

[realms]
kdc =
kdc =
kdc =
admin_server =
default_domain = prepuk.puk.pre.corp

[domain_realm]
.prepuk.puk.pre.corp = DEV.SUK.PRE.CORP
prepuk.puk.pre.corp = DEV.SUK.PRE.CORP


Registered: ‎10-04-2017

Re: AD Trust with multiple domains

Of course I did add the KDC of prepuk.puk.pre.corp in the conf file. It's not pasted here for security reasons.