authenticating to AD from linux login

melissa_benkyo wyl_lyf at yahoo.com
Wed May 5 09:41:34 EDT 2004


I think I might have it figured out. It might not really be an LDAP
issue but a Kerberos setup issue. Here is the scenario, guys. I'm quite
confused about domains/realms. I have 2 ADs (let's say AD1 and AD2). I
have a Linux machine belonging to AD1, so it means I have linux.AD1.
But I want to authenticate from Linux using a user in AD2. So I
created a keytab for the Linux machine on AD2, and I set up the
[domain_realm] on the Linux machine as so: .AD1 = AD1, AD1 = AD1,
.linux.AD1 = AD1, linux.AD1 = AD1. I tried different combinations. I'm
not sure what the right approach is. Do you think that I couldn't
log in any user, local and AD2 users, because it couldn't access the
Linux keytab? Logs aren't showing anything useful.

Any help is much appreciated. Thanks!

wyl_lyf at yahoo.com (melissa_benkyo) wrote in message news:<304f3217.0405040738.523190a5 at posting.google.com>...
> Hello all,
> 
> I have a weird problem with authentication to Active Directory from my
> Linux box using Kerberos. I'm using pam_krb5 to do the authentication
> and looking up the uid/gid through LDAP, meaning I do not have an entry
> in the /etc/passwd file. I am able to see the entry from Active
> Directory when I do a getent passwd, but when I try to log in, I
> couldn't log in and even the local users couldn't log in. Yikes! That
> would be a problem. hehehe :D
> 
> So any ideas? What could be the problem? I'm thinking in these
> directions:
> 1) PAM side: I think these are okay since if I add an entry in the
> /etc/password to indicate to use Kerberos then it will authenticate.
> 2) LDAP side: more so this problem, I would think. But I'm not sure
> what exactly. Is there any additional setup for LDAP in pam.conf?
> Should I add pam_ldap? I modified the nsswitch.conf. What else does it
> want from meeee? hehehe :D
> 
> Well, any insight is much appreciated. Thanks!

