Hello everyone!
I am trying to configure my LDAP on FreeBSD 9 so that I can authenticate users against Active Directory.
For that I am going to need krb5. I have installed it, it is running cute, but when I try to kinit some-user I have a weird problem... Let's start from the top, here is my configuration of krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = seth.local
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
seth.local = {
kdc = WIN-SRV.seth.local:88
admin_server = WIN-SRV.seth.local:749
default_domain = seth.local
}
[domain_realm]
.seth.local = SETH.LOCAL
seth.local = SETH.LOCAL
seth.local is my domain and WIN-SRV is my Active Directory server...
Now I am trying to kinit some user who actually exists on my Active Directory, here is the result:
[root@ldap /usr/home/neda]# kinit alex
alex@seth.local's Password: //I entered the password here//
kinit: Password incorrect
And then, I try to log in with a username which doesn't exist at all! And I have:
[root@ldap /usr/home/neda]# kinit jklsajdlkssdasdsa
jklsajdlks@seth.local's Password: //kjaskljdaskvcbylj user doesn't exist, who cares??//
kinit: krb5_get_init_creds: Client (jklsajdlks@seth.local) unknown
You see? I think Kerberos is seeing my Active Directory perfectly, but I don't know why I see the "password incorrect" message! I am sure that I'm entering the password correctly! Should I configure any special password for Kerberos to access Active Directory and if so, where?? What do you think my problem is??
Please please please save me!
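
An added example, not part of the original post: Kerberos realm names are case-sensitive, and the posted krb5.conf spells the realm seth.local in [libdefaults] and [realms] but SETH.LOCAL in [domain_realm]. This Python lint (the function names and finding codes are assumptions made for illustration) parses those three sections and reports realm names that are referenced but never defined, or that are not upper case as Active Directory realm names are.

```python
import re

# Excerpt of the krb5.conf from the post ([logging] omitted), values as posted.
POSTED = """\
[libdefaults]
default_realm = seth.local
[realms]
seth.local = {
kdc = WIN-SRV.seth.local:88
}
[domain_realm]
.seth.local = SETH.LOCAL
seth.local = SETH.LOCAL
"""

def parse(text):
    """Return ([libdefaults] dict, set of [realms] names, [domain_realm] dict)."""
    libdefaults, realms, domain_realm = {}, set(), {}
    section, depth = None, 0
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section, depth = m.group(1), 0
        elif line == "}":
            depth -= 1
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if section == "realms" and depth == 0:
                realms.add(key)          # top-level key in [realms] is a realm name
            elif section == "libdefaults":
                libdefaults[key] = value
            elif section == "domain_realm":
                domain_realm[key] = value
            if value == "{":
                depth += 1
    return libdefaults, realms, domain_realm

def lint(text):
    """Compare realm names byte for byte; return a list of (code, realm) findings."""
    libdefaults, realms, domain_realm = parse(text)
    default = libdefaults.get("default_realm")
    names = realms | ({default} if default else set())
    findings = [("default-undefined", default)] if default not in realms else []
    findings += [("mapping-undefined", r) for r in sorted(set(domain_realm.values()) - realms)]
    findings += [("not-uppercase", r) for r in sorted(names) if r != r.upper()]
    return findings

if __name__ == "__main__":
    print(lint(POSTED))
```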