I have a CentOS 5.6 server operating as a Kerberos 5 KDC and an OpenLDAP server. I have a Fedora 15 client that I am trying to do desktop login authentication through the Kerberos/LDAP server. It's not working.
I can successfully kinit from both the server and the client on the command line, and likewise ldapsearch works from the command line on both the client and the server.
When I try to log into the client using a Kerberos/LDAP username/password, it simply says 'Authentication failure'.
I've included what I hope are the relevant configuration files and log entries from both the client and the server. Thanks in advance for any thoughts, advice, or solutions.
Here's the configuration and log files from the server:
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
And from the client,
Jun 23 13:41:01 vt1 pam: gdm-password: pam_unix(gdm-password:auth): check pass; user unknown
Jun 23 13:41:01 vt1 pam: gdm-password: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jun 23 13:41:01 vt1 pam: gdm-password: gkr-pam: error looking up user information
The entries in the Authentication GUI on the client (system-config-authentication)
User Account Database: LDAP
LDAP Search Base DN: dc=imagenet
LDAP Server: ldaps://imagehost.imagenet/
Use TLS to encrypt connections is UNCHECKED
Authentication Method: Kerberos password
Admin Servers: imagehost.imagenet
Use DNS to resolve hosts to realms is UNCHECKED
Use DNS to locate KDCs for realms is UNCHECKED
I can try DNS/Realm lookup again. I tried it before, but I may have fixed something else since then.
I've tried various forms of the user name, but not the one that you suggested. Using kinit from the command line, it seems to take an implied "@IMAGENET" suffix, so I assumed that would be the case with the desktop login as well. I will try the username permutation that you suggested.
Connectivity between the two systems is good; ping, ssh, DHCP, DNS, and even Kerberos and LDAP work. The problem is that they don't seem to work for desktop login. Once I log in to a local account on the Fedora box, I can use kinit user from a terminal window, and it works perfectly. Likewise, I can use ldapsearch from the terminal, and it works fine too (although with a 2 or so second pause, which I'm still trying to figure out).
But when I try to use Kerberos credentials to log into the desktop (you know the screen that is presented when the computer boots? It shows a face browser. I believe it's part of GDM) it doesn't work, giving me a vague 'authentication failure' message.