Authenticating Linux Active Directory
hi there,
I'm trying to get my REDHAT server to authenticate against Active Directory using PAM, and so far I've managed to get winbind working: when I type the command 'wbinfo -g' I get the list of all the domain groups. I've added it to the domain using the 'net ads join -S <server name> -U <username>' and it all works fine.

I THINK I have my Kerberos client working ... now I've edited my krb5.conf file (shown below [1]) and I've found this SUSE site (shown below [2]) that tells me that if I type in the command 'kinit <username>' and then my password I should get the response 'kinit: NOTICE: ticket renewable lifetime is 1 week', but when I type it in I get nothing ...

Can someone tell me what I'm doing wrong, or if this is only meant to happen in SUSE, not REDHAT, or if there is a Kerberos log file I can look at to see if the authentication actually worked?

[1]

    [libdefaults]
        default_realm = SCHOOL.CATHEDRAL.QLD.EDU.AU

    [realms]
        SCHOOL.CATHEDRAL.QLD.EDU.AU = {
            kdc = senior-server.school.cathedral.qld.edu.au
            default_domain = SCHOOL.CATHEDRAL.QLD.EDU.AU
            kpasswd_server = senior-server.school.cathedral.qld.edu.au
            admin_server = senior-server.school.cathedral.qld.edu.au
        }

    [domain_realm]
        .school.cathedral.qld.edu.au = SCHOOL.CATHEDRAL.QLD.EDU.AU

[2] http://www.wown.com/articles_tutoria...Directory.html
If you're using Krb5 for your auth, have you verified that the user that you are attempting to auth as has an entry in the /etc/passwd file?
In my experience, Krb was strictly used for authentication of identity, not providing the remainder of the posix attributes...so you needed to have an /etc/passwd entry for the user.
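The two halves this thread touches on, holding a Kerberos ticket and resolving the account's POSIX attributes, can be checked separately. The script below is an added example, not code from either poster; the function names are made up here, and it assumes MIT Kerberos client tools (klist) and glibc's getent are installed.

```shell
#!/bin/sh
# Added example: separate checks for "do I hold a ticket?" and
# "can this host resolve the account?". Function names are hypothetical.

# Print the sources on the "passwd:" line of an nsswitch.conf-style file.
# $1 = file path (defaults to /etc/nsswitch.conf)
nss_passwd_sources() {
    awk '$1 == "passwd:" { $1 = ""; sub(/^ +/, ""); print; exit }' \
        "${1:-/etc/nsswitch.conf}"
}

# Succeed if source $1 (e.g. winbind) is listed for passwd lookups.
# $2 = optional file path
nss_has_source() {
    for s in $(nss_passwd_sources "$2"); do
        [ "$s" = "$1" ] && return 0
    done
    return 1
}

# MIT kinit prints nothing on success. klist -s is silent as well and
# reports through its exit status whether the cache holds a valid ticket.
has_valid_ticket() {
    klist -s 2>/dev/null
}

# getent goes through NSS, so it reports accounts from every configured
# source (local files, winbind, ...), not only /etc/passwd.
user_resolves() {
    getent passwd "$1" >/dev/null 2>&1
}

# Run all checks for user $1; returns non-zero if any check fails.
check_login() {
    rc=0
    if has_valid_ticket; then echo "ticket:  ok"
    else echo "ticket:  none in cache (run kinit, then klist)"; rc=1; fi
    if user_resolves "$1"; then echo "account: $1 resolves via NSS"
    else echo "account: $1 not found via NSS"; rc=1; fi
    if nss_has_source winbind; then echo "nss:     winbind listed for passwd"
    else echo "nss:     passwd sources are: $(nss_passwd_sources)"; fi
    return $rc
}

# Usage: sh check_ad_login.sh <username>
if [ "$#" -gt 0 ]; then check_login "$1"; fi
```

Running plain `klist` after `kinit` lists the ticket and its expiry, which answers whether authentication succeeded even though kinit itself printed nothing.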