Hello,

I am having some trouble with the FDS PAM PTA. I am trying to authenticate
against AD.

I was trying to verify the password authentication to AD. The only time it
does is kinit <ad user>. To test this, I was trying to set up ssh on a client
box and configure it to bind to the FDS directory. Then I tried ssh
u...@localhost on the client box; it will not accept any password and returns
the error below.

debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found
debug1: Next authentication method: publickey

Here are my questions.

1. Do I have to make any changes in the ldap.conf file, like the entries below?
# RFC 2307 (AD) mappings
# pam_login_attribute uid (enable)
# pam_lookup_policy (enable)
# pam_password crypt (enable)
# pam_password ad (update ad passwd from unix)


2. Edit the following files for kerberos. I was trying to follow this link
for documentation.
     http://aput.net/~jheiss/krbldap/howto.html
* krb5.conf 
* kadm5.acl 
* kdc.conf

3. Edit /etc/pam.d/system-auth and ldapserver.

4. Do I need to have CA cert installed on Admin and Directory servers for
ssh? I mean, I do not have any certificates installed to 389-ds currently.

Are there any other steps missing here?

Thanks,
Prashanth
--
389 users mailing list
389-us...@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
