I am wanting to make it to where whenever I want to log into my Linux machines, I can use a username and password that is on my Active Direcory server. Before anyone tells me about power broker, I am aware of it's existence and I personally think it's a pain in the neck and the alternatives that I have been reading about have been showing more hope than power broker ever could. I am wanting to use Kerberos, LDAP and PAM in order to accomlish this. I am stuck in the kerberos part of the installation, All of the users on the windows server and running and each one has a password. Things in the Linux end of everything is what is giving me trouble.
Here is my krb5.conf file.
Code:
[libdefaults]
ticket_lifetime = 600
default_realm = BARONOBEEFDIP.JOSH
default_tkt_enctypes = des-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
BARONOBEEFDIP.JOSH = {
kdc = 192.168.1.101
default_domain = BARONOBEEFDIP.JOSH
}
[domain_realm]
.baronobeefdip.josh = BARONOBEEFDIP.JOSH
baronobeefdip.josh = BARONOBEEFDIP.JOSH
[kdc]
profile = /etc/krb5kdc/kdc.conf
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
When I run the kinit command with the username and domain, I get this message.
Code:
kinit: No supported encryption types (config file error?) while getting initial credentials
After I comment out the lines in the krb5.conf file
Code:
default_tkt_enctypes = des-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
and I run the kinit command again, I am prompted for a password, I enter the password and I get this message.
Code:
kinit: KDC reply did not match expectations while getting initial credentials
What exactly is going on here, I know there is a way to get Linux to log into the active directory server, I have read about it working without having to use something like power broker. Thanks for your time. I also plan to try and integrate a number of other services with AD, This one was the first on the list.
