In windows.yml, please double-check and ensure that the ansible_ssh_user: user@MYDOMAIN.NET line does indeed have the realm MYDOMAIN.NET in upper case. Somewhere, the realm request to the KDC is being sent in lower case instead of upper case causing the 'KDC reply did not match expectations..' error.

KDC reply did not match expectation while getting initial credential

After lots of acrobatics with keytab files. (The doc should mention that the realm name needs to be capitalized in the principal in step 5 when creating the keytab file. to avoid a "KDC reply did not match expectations for client ... lower-case detected in realm 'company.lan' while getting initial credentials)

The FQDN must be resolvable to an IP address on the SQL Server ODBC driver machine. Otherwise, you will get "Cannot resolve network address for KDC in requested realm while getting initial credentials" when attempting to access the KDC.

The samba4 KDC returns the canonicalized principal here which is ok because it can implicitly assumed that when using enterprise principals you want the right principal in the response. But the MIT Kerberos client library only allows a change in the principal if canonicalization is enabled in the request. This is why you see the 'KDC reply did not match expectations' error message.

# kinit ichikawa@hogehoge.co.jpPassword for ichikawa@hogehoge.co.jp:Windowsドメインのパスワードを入力するkinit(v5): KDC reply did not match expectations while getting initial credentialsドメインが小文字

# kinit ichikawa@HOGEHOGE.CO.JPPassword for ichikawa@HOGEHOGE.CO.JP:Windowsドメインのパスワードを入力するkinit(v5): Preauthentication failed while getting initial credentialsパスワードを間違えた

# kinit ichikawa@HOGEHOGE.CO.JPPassword for ichikawa@HOGEHOGE.CO.JP:Windowsドメインのパスワードを入力するkinit(v5): Clock skew too great while getting initial credentialsLinuxと ActiveDirectoryの DCの時刻が 5分以上ずれている

In my case, I needed to kinit to MYDOMAIN.LOCAL rather than MYDOMAIN.COM.Not sure if this is due to an authentication setting in AD in general or just for my AD domain. My domain has 2 DCs, one is W2k3 R2 and the other (the one specified as mydc.mydomain.com in krb5.conf) is W2k8 R2.But this is another possible cause for the "Realm not local to KDC while getting initial credentials" message

Is there a particular reason why Avro Aircraft Limited (Canada) {Avro Canada) products are listed under just Avro, while Pratt & Whitney Canada products are all listed as Pratt & Whitney Canada, not Pratt & Whitney. To me, the current names are confusing, as it implies these are products developed by the patent Avro company in Britain, and not separately in Canada as most of these products were. I understand that Canadian logic is quite different than what most Americans are used to, so I am asking rather than simply trying to move Avro Chinook, Avro Orenda, Avro CF-100, etc to names that match the Avro Canada Jetliner page. And before someone tries to claim that PW and PWC are completely separate companies under UTC, the websites of both companies state that PWC is a direct subsidiary of PW. If you disagree, please call/email PW and PWC and tell them their websites are wrong. :) - BillCJ (talk) 22:47, 7 February 2008 (UTC)Reply[reply]

A new editor has decided to revive the endless "My plane is better than your plane" disputes on the HAL Tejas and JF-17 Thunder, to the point of taking my insistence for including the 2 aircraft in the "Comparable" fields of the "See also" section as "proof" that I must be Indian. I answered his initial objections at length on the JF-17 talk page, to which he responded by reverting, and posting the same objections on the Tejas page! This continual dispute between the two countries carrying over to WP is getting really old, and I'm going to step back from this for a while, as such stress does not help my health. Any intervention would be appreciated. Thanks. - BillCJ (talk) 07:40, 5 April 2008 (UTC)Reply[reply] 2ff7e9595c