Linux authenticating on AD via Kerberos
- From: "Fábio Augusto" <fabiomirmar@xxxxxxxxx>
- Date: Wed, 12 Jul 2006 14:58:38 -0300
Hello There!
I'm trying to configure a Red Hat AS 4 to authenticate via Kerberos on my
Windows 2003 Active Directory
..
The solution is very simple, the users are going to be created on the Linux
machine (/etc/passwd) and only the password is going to be read from the
Active Directory
..
I have configured the AD and the Windows machines can logon normally into it
..
My Linux configuration is based on the kerberos configuration file
/etc/krb5.conf, that follows:
[administrator@linux ~]$ cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# clockskew = 300
default_realm = CACDOMAIN.BR.IBM.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
 CACDOMAIN.BR.IBM.COM = {
  kdc = win2k3-vm.cacdomain.br.ibm.com:88
#  admin_server = kerberos.example.com:749
  default_domain = CACDOMAIN.BR.IBM.COM
 }
[domain_realm]
.CACDOMAIN.BR.IBM.COM = CACDOMAIN.BR.IBM.COM
# example.com = EXAMPLE.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
..
I'm using the command "#kinit username" to check if my configuration is
correct before changing the PAM files to define that the Linux machine is
going to search for the password in the Active Directory
..
I could check that the password is being read from the Active Directory,
because I have created a user in /etc/passwd named administrator (the same
username exists on the AD) and when I type a wrong password it returns an
error reporting that the password is wrong, and if I try to use a user that
doesn't exist in the AD, it reports that too
..
The problem happens when I try to use the correct username/password that
really exists in the Active Directory; then I receive the
following error message:
[administrator@linux ~]$ kinit
Password for administrator@xxxxxxxxxxxxxxxxxxxx:
kinit(v5): Clock skew too great while getting initial credentials
..
Reading some reports of the same error on the Internet, I could check that
it means that my AD server clock has a different time
compared to my Linux Kerberos client
..
I have checked the time on both machines and it's not so different (just
some seconds of difference):
- On Windows
C:\Documents and Settings\Administrator>time
The current time is: 14:53:22.29
Enter the new time
- On Linux
[administrator@linux ~]$ date
Wed Jul 12 14:53:53 BRT 2006
..
Do you have any idea about the problem that can cause this error message to
occur?
Best Regards,
Fabio Martins
--
Fábio Augusto Miranda Martins
E-mail: fabiomirmar@xxxxxxxxx
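
Added example, not part of the original post: Kerberos compares timestamps in UTC, so this sketch reads the effective clockskew from a krb5.conf (300 seconds when the line is commented out, as in the post) and measures the client/KDC difference from offset-aware timestamps instead of wall-clock readings. The KDC's date and both KDC UTC offsets are constructed assumptions, since the post shows only the Windows wall-clock time; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

DEFAULT_CLOCKSKEW = 300  # seconds; MIT krb5 default when clockskew is unset

# [libdefaults] excerpt from the krb5.conf in the post (clockskew commented out)
SAMPLE_CONF = """\
[libdefaults]
# clockskew = 300
default_realm = CACDOMAIN.BR.IBM.COM
dns_lookup_realm = false
dns_lookup_kdc = false
"""

def read_clockskew(conf_text):
    """Return the effective [libdefaults] clockskew in seconds."""
    section, skew = None, DEFAULT_CLOCKSKEW
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # comment lines do not set anything
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "clockskew":
                skew = int(value)
    return skew

def skew_seconds(client, kdc):
    """Absolute client/KDC difference, compared in UTC as Kerberos does."""
    if client.tzinfo is None or kdc.tzinfo is None:
        raise ValueError("timestamps need an explicit UTC offset")
    return abs((client.astimezone(timezone.utc) - kdc.astimezone(timezone.utc)).total_seconds())

def check(conf_text, client, kdc):
    """Compare the measured skew with the tolerance the config allows."""
    limit, delta = read_clockskew(conf_text), skew_seconds(client, kdc)
    return {"limit": limit, "skew": delta, "ok": delta <= limit}

BRT = timezone(timedelta(hours=-3))
CLIENT = datetime(2006, 7, 12, 14, 53, 53, tzinfo=BRT)          # Linux `date` output in the post
KDC_SAME_ZONE = datetime(2006, 7, 12, 14, 53, 22, tzinfo=BRT)   # constructed: KDC assumed on UTC-3
KDC_OTHER_ZONE = datetime(2006, 7, 12, 14, 53, 22,
                          tzinfo=timezone(timedelta(hours=-4)))  # constructed: KDC assumed on UTC-4

if __name__ == "__main__":
    for name, kdc in (("same zone", KDC_SAME_ZONE), ("one hour off", KDC_OTHER_ZONE)):
        print(name, check(SAMPLE_CONF, CLIENT, kdc))
```

On real hosts the two inputs would come from each machine's UTC clock (for example `date -u` on the Linux client), with the date and time zone included in the comparison.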