Hi again Everybody, Second week I have been batling with the problem... A lot of problems a have already solved on the way thanks to your advises. Now I have done everything in compliance with the manual ( http://www.grolmsnet.de/kerbtut/) I have created a fresh domain account in the test domain (because I cannot use production one) , have mapped principal to it, etc. And I'm getting now the error (in the Apache's error_log file) : --------------------- Apache's LOG in case KrbMethodK5Passwd on KrbMethodNegotiate off ------------------------
[Wed Oct 05 17:20:07 2005] [debug] src/mod_auth_kerb.c(1322): [client 10.3.103.154 <http://10.3.103.154>] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Wed Oct 05 17:20:12 2005] [debug] src/mod_auth_kerb.c(1322): [client 10.3.103.154 <http://10.3.103.154>] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Wed Oct 05 17:20:12 2005] [debug] src/mod_auth_kerb.c(879): [client 10.3.103.154 <http://10.3.103.154>] kerb_authenticate_user_krb5pwd ret=0 [EMAIL PROTECTED] authtype=Basic [Wed Oct 05 17:20:12 2005] [crit] [client 10.3.103.154 <http://10.3.103.154>] configuration error: couldn't check access. No groups file?: / --------------------- Apache's LOG in case KrbMethodK5Passwd off KrbMethodNegotiate on ------------------------ [Wed Oct 05 17:33:12 2005] [debug] src/mod_auth_kerb.c(1322): [client 10.3.103.194 <http://10.3.103.194>] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Wed Oct 05 17:33:12 2005] [debug] src/mod_auth_kerb.c(1322): [client 10.3.103.194 <http://10.3.103.194>] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Wed Oct 05 17:33:12 2005] [debug] src/mod_auth_kerb.c(1023): [client 10.3.103.194 <http://10.3.103.194>] Acquiring creds for HTTP/[EMAIL PROTECTED] [Wed Oct 05 17:33:12 2005] [debug] src/mod_auth_kerb.c(1152): [client 10.3.103.194 <http://10.3.103.194>] Verifying client data using SPNEGO GSS-API [Wed Oct 05 17:33:12 2005] [debug] src/mod_auth_kerb.c(1168): [client 10.3.103.194 <http://10.3.103.194>] Verification returned code 0 [Wed Oct 05 17:33:12 2005] [debug] src/mod_auth_kerb.c(1186): [client 10.3.103.194 <http://10.3.103.194>] GSS-API token of length 0 bytes will be sent back [Wed Oct 05 17:33:12 2005] [crit] [client 10.3.103.194 <http://10.3.103.194>] configuration error: couldn't check access. No groups file?: / What does it mean? Which groups file I do not have? I'm very, very appreciated for any help! Below are my httpd.conf and krb5.conf -- Thank you very much in advance, Siarhei Baidun ------------------ krb5.conf ----------------- [libdefaults] default_realm = TEST.EPO [domain_realm] gvepl100.test.epo = TEST.EPO [realms] TEST.EPO = { admin_server = odessa.test.epo kdc = odessa.test.epo } ----------------------------Apache's httpd.conf---------------------------------- AuthType Kerberos AuthName "Kerberos Login" Krb5KeyTab /etc/wolfi2.keytab KrbAuthRealms TEST.EPO KrbMethodK5Passwd on KrbMethodNegotiate off KrbServiceName HTTP require valid-user ------------------ result of "ktutil -k /etc/wolfi3.keytab list" command ------------------------------ Vno Type Principal 1 des-cbc-md5 HTTP/[EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
