LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-15-2014, 09:20 AM   #1
inanibharat
LQ Newbie
 
Registered: May 2013
Location: India
Distribution: Redhat and Centos
Posts: 3

Rep: Reputation: Disabled
Smile LDAP+Kerberos in Ubuntu 13.04


Hello All,

As per subject i have configure LDAP and it's working fine. problem is that when i configure kerberos i have found below mention error during installation of kerberos packages:

krb5kdc: cannot initialize realm EXAMPLE.COM - see log file for details

as per error message i have check logs but not found any error regarding this.

kindly guide me where i made a mistake or how to resolve this issue.
 
Old 04-15-2014, 11:46 AM   #2
raubvogel
LQ Newbie
 
Registered: Jan 2014
Posts: 7

Rep: Reputation: Disabled
Not enough info. Which log files did you check? Which log files did you configure kerberos to log to?
 
Old 04-15-2014, 04:32 PM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,714

Rep: Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280
Hope that "EXAMPLE.COM" isn't in your krb5.conf file... (its there as an example, not something to use).
 
Old 04-16-2014, 04:57 AM   #4
inanibharat
LQ Newbie
 
Registered: May 2013
Location: India
Distribution: Redhat and Centos
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thanks for prompt reply.

i have see logs in /var/log/syslog.
DNS and Ldap both working fine but still have problem in kerberos.
 
Old 04-16-2014, 05:25 AM   #5
esso82
Member
 
Registered: Aug 2013
Location: Plymouth, UK
Distribution: SolydK
Posts: 45

Rep: Reputation: Disabled
hi... does that mean that you have't set up kerberos yet? You need to create database first and a master administrator, try:
$ sudo krb5_newrealm
and follow from there
 
Old 04-16-2014, 06:10 AM   #6
inanibharat
LQ Newbie
 
Registered: May 2013
Location: India
Distribution: Redhat and Centos
Posts: 3

Original Poster
Rep: Reputation: Disabled
Unhappy

Dear esso82,

Thanks for suggest. Pl find details as below:
I have run this command for install kerberos:

# apt-get install krb5-kdc krb5-admin-server

status at the end of process is:
Setting up krb5-config (2.2) ...
Setting up krb5-user (1.10+dfsg~beta1-2ubuntu0.3) ...
Setting up libverto1 (0.2.2-1ubuntu1) ...
Setting up libverto-libevent1 (0.2.2-1ubuntu1) ...
Setting up krb5-kdc (1.10+dfsg~beta1-2ubuntu0.3) ...
krb5kdc: cannot initialize realm EXAMPLE.COM - see log file for details
Setting up krb5-admin-server (1.10+dfsg~beta1-2ubuntu0.3) ...
kadmind: No such file or directory while initializing, aborting
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place.

and after this completion i have run below mention command:

# krb5_newrealm

and here system got stuck and not getting any output for long time.

when i see /var/log/syslog below mention status is found.

Apr 14 16:22:13 ldap kernel: [ 3527.508227] type=1400 audit(1397472733.011:13): apparmor="STATUS" operation="profile_load" name="/usr/sbin/slapd" pid=4291 comm="apparmor_parser"
Apr 14 16:22:13 ldap slapd[4320]: @(#) $OpenLDAP: slapd (Sep 19 2013 22:49:31) $#012#011buildd@batsu:/build/buildd/openldap-2.4.28/debian/build/servers/slapd
Apr 14 16:22:13 ldap slapd[4321]: slapd starting
 
Old 04-16-2014, 07:55 AM   #7
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,714

Rep: Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280Reputation: 1280
Don't know why it tries to setup before getting configuration files...(though it could work if it already had configuration files).

You have to create a krb5.conf file to define the realm (both for clients and the KDC master, and hopefully a slave). Then the krb5_newrealm can do some of the following (can't do the slave stuff though)

Then you have to create the realm database for realm on the KDC.

After that you can start the KDC server(s) on the master (for password updates and the database)

create a user principal (for testing at a minimum), and see if you can do a kinit for that principal.

Define keytabs for the master, and start any kerberos services (ours only used ssh).

create a user principal (for testing at a minimum).

Define keytabs for the slave, and start any services...

start the slave server so that the master can propagate the initial data to the slave.

Take the krb5.conf file used and install it on a client system, and try a kinit.

If everything still works you are ready to create keytabs for any application servers and users.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LDAP and Kerberos fail_distraction Debian 4 10-09-2012 08:46 AM
Kerberos vs LDAP SSL? wilslm Linux - Security 1 04-21-2011 02:27 PM
Kerberos LDAP avatardeviva Linux - Server 0 05-29-2010 11:00 AM
LDAP and Kerberos? kja_007700 Linux - Security 2 02-20-2010 08:52 AM
Samba Ldap Kerberos kratos13ec Linux - Server 0 10-05-2007 01:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:15 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration