09-20-2010, 07:38 AM   #1
MeeLee
Setting SPNS


On a DC (in a Windows AD domain), I have used the setspn command to create two new HTTP SPNs for a Linux box.

The Linux box is a RHEL 5.5 one.
It has been joined to the domain via configuring the smb.conf and then I had generated a new krb5.keytab after configuring Kerberos.

You can log in to the server with an AD account (though I did have to set up the account locally for it to work. That way, when you enter the AD credentials you then get passed to the local account settings - is that right...or should it just work? - other users trying to access the box are recognised but are offered the option of creating a home drive and then their account is "locked out" from the local Linux box, unless you add them locally)

The server is a web server and uses an application-specific httpd and httpd.conf.

Users on the AD domain are authenticating OK via IE to the Linux box a fair amount of the time, but they get authentication issues at intermittent times. The most common issue is with authentication during login, and then very occasionally when trying to click on a link on the site when they have been logged in successfully and browsing for some time...

After using Wireshark, I deduced that every time a user logs in from an XP machine via IE, the Linux box sees this and acknowledges them then immediately grants them access...or sees them but then takes about 3 minutes apparently doing nothing (can't see anything useful in the logs) and then throws a message back to the user telling them their authentication failed despite the fact that the password was correct...


As part of my troubleshooting process, I had noticed that the krb5.keytab was missing some expected SPNs. I have re-generated the keytab with the net ads http keytab add command and some of them appeared...however, the server has been set up in DNS to forward to an alias and there are no SPNs for that alias...

I was trying to experiment and see what would happen if I set up some HTTP SPNs for the alias in case the authentication issues were something to do with that...

...I set up the relevant SPNs on the relevant DC and when you do setspn -L server name you can see that they now appear.

...however, when you re-generate the keytab via the net ads http keytab add on the Linux box, the new SPNs still don't appear (I've waited about an hour in case it was replication)...


Could anyone advise? If that doesn't make sense, please fire away with questions and I'll try to explain further!

Also, if anyone could assist with the rest of my trouble-shooting (as to why there is such dodgy authentication) that would be an added bonus!

Things I've checked:

NTP settings - all ok.
When you do a kinit "username" it is fine, but when you do kinit -k -t /etc/krb5.keytab it comes up with:

kinit(v5): client not found in kerberos database while getting initial credentials



Thanks,

MeeLee

Last edited by MeeLee; 09-20-2010 at 07:58 AM.
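
The comparison described in the post (the SPNs shown by setspn -L against what actually ended up in krb5.keytab) can be scripted rather than checked by eye. This is an added example, not part of the original post: the hostnames, realm and both sample outputs are constructed, and matching names case-insensitively is an assumption based on how AD treats SPNs.

```python
# Added example: diff the SPNs AD has registered against the keytab's principals.

# Constructed sample: `setspn -L web01` as run on the DC (names are placeholders).
SETSPN_OUTPUT = """\
Registered ServicePrincipalNames for CN=WEB01,CN=Computers,DC=example,DC=com:
        HTTP/intranet.example.com
        HTTP/intranet
        HTTP/web01.example.com
        HOST/web01.example.com
        HOST/WEB01
"""

# Constructed sample: `klist -k /etc/krb5.keytab` as run on the Linux box.
KLIST_OUTPUT = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/web01.example.com@EXAMPLE.COM
   3 host/web01@EXAMPLE.COM
   3 HTTP/web01.example.com@EXAMPLE.COM
   2 HTTP/web01.example.com@EXAMPLE.COM
"""


def spns_from_setspn(text):
    """Return the SPNs listed by setspn -L (indented 'service/host' lines)."""
    lines = (line.strip() for line in text.splitlines())
    return {l for l in lines if "/" in l and " " not in l and not l.endswith(":")}


def principals_from_klist(text):
    """Map 'service/host' (realm stripped) to the set of KVNOs in the keytab."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].isdigit() and "/" in parts[1]:
            entries.setdefault(parts[1].rsplit("@", 1)[0], set()).add(int(parts[0]))
    return entries


def missing_from_keytab(setspn_text, klist_text):
    """SPNs registered in AD with no keytab entry (case-insensitive: assumption)."""
    have = {p.lower() for p in principals_from_klist(klist_text)}
    return sorted(s for s in spns_from_setspn(setspn_text) if s.lower() not in have)


if __name__ == "__main__":
    for spn in missing_from_keytab(SETSPN_OUTPUT, KLIST_OUTPUT):
        print("registered in AD but not in keytab:", spn)
```

A principal that maps to more than one KVNO has keys from more than one password version in the keytab.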
 
  

