Well, I tried my first test and it worked: if I authenticate with the LDAP protocol without Kerberos it works, but when I try to add Kerberos, error messages show up in the log. Any ideas?
No errors in apachectl configtest

###############################################

cat /etc/krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = REDE.COM.BR
 dns_lookup_realm = false
 dns_lookup_kdc = true
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
 REDE.COM.BR = {
  kdc = REDE.COM.BR
  admin_server = REDE.COM.BR
 }

[domain_realm]
 .rede.com.br=REDE.COM.BR
 rede.com.br=REDE.COM.BR

###############################################

kinit root
Password for r...@rede.com.br:

klist
Ticket cache: KEYRING:persistent:0:0
Default principal: r...@rede.com.br

Valid starting       Expires              Service principal
05/09/2017 09:45:36  05/09/2017 19:45:36  krbtgt/rede.com...@rede.com.br
        renew until 05/16/2017 09:45:34

###############################################

cat /etc/httpd/conf.d/proxy.conf

<VirtualHost *:80>
  ProxyPreserveHost Off
  ProxyPass / http://localhost:631/
  ProxyPassReverse / http://localhost:631/
  LogLevel debug
  <Location />
    AuthType Kerberos
    KrbMethodNegotiate On
    AuthName "REDE.COM.BR Domain Login"
    KrbMethodK5Passwd On
    KrbAuthRealms REDE.COM.BR
    Krb5KeyTab /etc/httpd/conf.d/httpd.keytab
    KrbLocalUserMapping on
    require valid-user
    # AuthName "Informe usuario da rede"
    # AuthType Basic
    # AuthBasicProvider ldap
    AuthLDAPUrl ldap:// rede.com.br/ou=usuarios,dc=rede,dc=com,dc=br?sAMAccountName
    AuthLDAPBindDN cn=users,dc=rede,dc=com,dc=br
    AuthLDAPBindPassword XXXXXX
    Require valid-user
    LDAPReferrals Off
  </Location>
  #</Directory>
</VirtualHost>

###############################################

[root@delorean1 conf.d]# tail -f /var/log/httpd/error_log
[Mon May 08 17:48:42.320886 2017] [auth_kerb:error] [pid 19879] [client 10.251.14.140:55636] failed to verify krb5 credentials: Server not found in Kerberos database, referer: http://10.1.1.75/
[Mon May 08 17:48:42.320898 2017] [auth_kerb:debug] [pid 19879] src/mod_auth_kerb.c(1127): [client 10.251.14.140:55636] kerb_authenticate_user_krb5pwd ret=401 user=(NULL) authtype=(NULL), referer: http://10.1.1.75/
[Mon May 08 17:48:55.301656 2017] [authz_core:debug] [pid 19881] mod_authz_core.c(809): [client 10.251.14.140:55638] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://10.1.1.75/
[Mon May 08 17:48:55.301702 2017] [authz_core:debug] [pid 19881] mod_authz_core.c(809): [client 10.251.14.140:55638] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://10.1.1.75/
[Mon May 08 17:48:55.301710 2017] [authz_core:debug] [pid 19881] mod_authz_core.c(809): [client 10.251.14.140:55638] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://10.1.1.75/
[Mon May 08 17:48:55.301736 2017] [auth_kerb:debug] [pid 19881] src/mod_auth_kerb.c(1954): [client 10.251.14.140:55638] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos, referer: http://10.1.1.75/
[Mon May 08 17:48:55.302037 2017] [auth_kerb:debug] [pid 19881] src/mod_auth_kerb.c(1048): [client 10.251.14.140:55638] Using HTTP/10.1.1.75@ as server principal for password verification, referer: http://10.1.1.75/
[Mon May 08 17:48:55.302062 2017] [auth_kerb:debug] [pid 19881] src/mod_auth_kerb.c(752): [client 10.251.14.140:55638] Trying to get TGT for user rede.com.brr...@rede.com.br, referer: http://10.1.1.75/
[Mon May 08 17:48:55.306313 2017] [auth_kerb:error] [pid 19881] [client 10.251.14.140:55638] krb5_get_init_creds_password() failed: Client not found in Kerberos database, referer: http://10.1.1.75/
[Mon May 08 17:48:55.306348 2017] [auth_kerb:debug] [pid 19881] src/mod_auth_kerb.c(1127): [client 10.251.14.140:55638] kerb_authenticate_user_krb5pwd ret=401 user=(NULL) authtype=(NULL), referer: http://10.1.1.75/

-- 
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
< Jesus said to him: I am the way, and the truth, and the life; no one comes to the Father except through me > (John 14:6)
Regards,
♪ ♫ Luiz Guilherme Nunes Fernandes ♫ ♪
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>