Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-13 Thread Alain Péan
On 13/04/2011 11:35, John Hodrien wrote: On Tue, 12 Apr 2011, Alain Péan wrote: On 12/04/2011 22:03, John Hodrien wrote: On Tue, 12 Apr 2011, Alain Péan wrote: Indeed, nothing fails now. I want my users to authenticate against Active Directory, and it works, and I would like them to

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-13 Thread John Hodrien
On Wed, 13 Apr 2011, Alain Péan wrote: Hi John, There are only two realms I mentioned, LAB-LPP.LOCAL, and TEST-LPP.LOCAL. I am currently doing tests with the latter, and indeed, pc-2003-test is the AD DC, so the KDC for TEST-LPP.LOCAL. The FQDN is also pc-2003-test.test-lpp.local. 'kinit

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-13 Thread Alain Péan
On 13/04/2011 12:03, John Hodrien wrote: On Wed, 13 Apr 2011, Alain Péan wrote: Hi John, There are only two realms I mentioned, LAB-LPP.LOCAL, and TEST-LPP.LOCAL. I am currently doing tests with the latter, and indeed, pc-2003-test is the AD DC, so the KDC for TEST-LPP.LOCAL. The FQDN is

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-13 Thread John Hodrien
On Wed, 13 Apr 2011, Alain Péan wrote: I'll try now, with the change in /etc/krb5.conf (validate = false), if it works now. It won't (or at least it shouldn't). Validate is essential as it confirms that the KDC providing the TGT to the user is the same KDC that you registered with when you

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-13 Thread Alain Péan
On 13/04/2011 14:05, John Hodrien wrote: On Wed, 13 Apr 2011, Alain Péan wrote: I'll try now, with the change in /etc/krb5.conf (validate = false), if it works now. It won't (or at least it shouldn't). Validate is essential as it confirms that the KDC providing the TGT to the user is

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-12 Thread John Hodrien
On Sun, 10 Apr 2011, Alain Péan wrote: After further verification, it seems to be related to ticket granting. Here is what I have in /var/log/messages : su: pam_krb5[7200]: TGT failed verification using keytab and key for 'host/bardeen.lab-lpp.local@LAB-LPP.LOCAL': Cannot find ticket for

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-12 Thread Alain Péan
On 12/04/2011 13:46, John Hodrien wrote: On Sun, 10 Apr 2011, Alain Péan wrote: After further verification, it seems to be related to ticket granting. Here is what I have in /var/log/messages : su: pam_krb5[7200]: TGT failed verification using keytab and key for

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-12 Thread Alain Péan
On 12/04/2011 14:35, Alain Péan wrote: On 12/04/2011 13:46, John Hodrien wrote: On Sun, 10 Apr 2011, Alain Péan wrote: After further verification, it seems to be related to ticket granting. Here is what I have in /var/log/messages : su: pam_krb5[7200]: TGT failed verification using

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-12 Thread John Hodrien
On Tue, 12 Apr 2011, Alain Péan wrote: Hi John, Thanks for your answer. Here are the contents of /etc/krb5.conf and klist -ke. I agree that there can be something missing, that was working before... The keytab isn't valid for the host as it doesn't contain a usable principal for doing a

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-12 Thread John Hodrien
On Tue, 12 Apr 2011, Alain Péan wrote: Sorry, little error with the output of klist -ke, because I am testing on a test AD domain at this moment. On the first machine, output is : # klist -ke Keytab name: FILE:/etc/krb5.keytab KVNO Principal

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-12 Thread Alain Péan
On 12/04/2011 16:28, John Hodrien wrote: On Tue, 12 Apr 2011, Alain Péan wrote: Sorry, little error with the output of klist -ke, because I am testing on a test AD domain at this moment. On the first machine, output is : # klist -ke Keytab name: FILE:/etc/krb5.keytab KVNO Principal

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-12 Thread John Hodrien
On Tue, 12 Apr 2011, Alain Péan wrote: In fact, I solved the problem using the authconfig command, but I wonder if it is really correct, as I mixed kerberos and ldap. Here is the authconfig command for my test domain : Using kerberos and ldap is a perfectly reasonable thing to want to do, but

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-12 Thread Alain Péan
On 12/04/2011 18:29, John Hodrien wrote: On Tue, 12 Apr 2011, Alain Péan wrote: In fact, I solved the problem using the authconfig command, but I wonder if it is really correct, as I mixed kerberos and ldap. Here is the authconfig command for my test domain : Using kerberos and ldap is a

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-12 Thread John Hodrien
On Tue, 12 Apr 2011, Alain Péan wrote: Indeed, nothing fails now. I want my users to authenticate against Active Directory, and it works, and I would like them to be able to use their kerberos credentials, if they need, to access domain resources, as shares. But I have still to see a problem

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-12 Thread Alain Péan
On 12/04/2011 22:03, John Hodrien wrote: On Tue, 12 Apr 2011, Alain Péan wrote: Indeed, nothing fails now. I want my users to authenticate against Active Directory, and it works, and I would like them to be able to use their kerberos credentials, if they need, to access domain resources,

[CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-10 Thread Alain Péan
Hi all, I just upgraded more servers, and doing some tests I found that my setup for kerberos/ldap authentication against Active Directory is no longer working. I don't know why... I followed some time ago Scott Lowe's blog for this setup :

Re: [CentOS] Kerberos/LDAP authentication no more working in 5.6 ?

2011-04-10 Thread Alain Péan
On 10/04/2011 17:31, Alain Péan wrote: Hi all, I just upgraded more servers, and doing some tests I found that my setup for kerberos/ldap authentication against Active Directory is no longer working. I don't know why... I followed some time ago Scott Lowe's blog for this setup :