01-14-2019, 01:42 PM   #1
rufa
Freeipa + Kerberos + auks


Hello,

We are using FreeIPA and I'm trying to configure auks using Kerberos, but I'm getting an error when trying to start the service:

Code:
# systemctl restart aukspriv
# tail -f /var/log/messages
slurm aukspriv[18008]: unable to get ccache for username using ktfile /etc/auks/auks.keytab : kinit: Preauthentication failed while getting initial credentials
So I added this principal to the keytab:
Code:
#ktutil
ktutil:  add_entry -password -p username.domain_name@DOMAIN_NAME -k 1 -e aes256-cts
read_kt /etc/krb5.kseytab
list
ktutil: 
13    1            username.domain_name@DOMAIN_NAME
I don't understand why I am still having the error, can someone help please?

Thanks,

Last edited by rufa; 01-14-2019 at 01:44 PM.
 
01-16-2019, 11:40 AM   #2
rufa
Problem solved by creating the krb5.keytab again:

- krb5.keytab contains:
Code:
host/hostname.realm.com@REALM.COM
- aukspriv should contain exactly the same principal as in the keytab:
Code:
host/hostname.realm.com@REALM.COM

- auks.conf should contain exactly the same principal as in the keytab:
Code:
host/hostname.realm.com@REALM.COM
- auksd.acl should contain exactly the same principal as in the keytab:
Code:
host/hostname.realm.com@REALM.COM
Note: The principal should have @ between the realm.com and REALM.COM and not /
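
The consistency rule from post #2, as an added example that is not part of the original thread or of auks itself: it reads a "klist -k" style listing, pulls every service/host string out of the config text, and reports principals that are missing from the keytab or that use / where @ belongs. The sample listing, the "principal =" key and the otherhost name are constructed for illustration; real auks files use their own syntax.

```python
import re

# Constructed sample data. "principal =" is a placeholder key, not auks syntax.
KLIST_OUTPUT = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   1 host/hostname.realm.com@REALM.COM
"""
CONFIGS = {
    "auks.conf": 'principal = "host/hostname.realm.com@REALM.COM";',
    "auksd.acl": "principal = host/hostname.realm.com/REALM.COM ;",
    "aukspriv": "principal = host/otherhost.realm.com@REALM.COM",
}

WELL_FORMED = re.compile(r"[\w.-]+/[\w.-]+@[\w.-]+")
# Anything shaped like "service/host", with or without a realm part after it.
CANDIDATE = re.compile(r"(?<![\w./@-])[A-Za-z][\w-]*/[\w.-]+(?:[@/][\w.-]+)?")


def keytab_principals(listing):
    """Principals from 'klist -k' or 'ktutil list' rows (numbers, then name)."""
    found = set()
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].isdigit() and "@" in fields[-1]:
            found.add(fields[-1])
    return found


def check_config(text, in_keytab):
    """Return (principal, problem) pairs for principals named in text."""
    problems = []
    for p in CANDIDATE.findall(text):
        if not WELL_FORMED.fullmatch(p):
            problems.append((p, "malformed: realm must follow '@'"))
        elif p not in in_keytab:
            problems.append((p, "not in keytab"))
    return problems


def audit(listing, configs):
    in_keytab = keytab_principals(listing)
    return {name: check_config(text, in_keytab) for name, text in configs.items()}


if __name__ == "__main__":
    for name, problems in audit(KLIST_OUTPUT, CONFIGS).items():
        print(name, problems or "OK")
```

The comparison is exact and case-sensitive, so a principal that differs from the keytab entry in host name or realm case is reported as not in the keytab.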
 
  

