Ubuntu Kerberos and Active Directory
Rohit Kumar Mehta
rohitm at engr.uconn.edu
Fri Sep 8 17:34:16 EDT 2006
Hi guys, I am trying to set up Kerberos authorization using Ubuntu 6.06
Dapper, and I think I must be missing something simple.

I followed this easy-to-read HOWTO:
http://developer.novell.com/wiki/index.php/HOWTO:_Configure_Ubuntu_for_Active_Directory_Authentication

I stuck pretty close to what they said, with the minor exception that I
did not use LDAP for accounts, but instead used NIS. "getent passwd"
returns our password database, so I know that is working.

kinit and klist work properly. With kpasswd, I can change my Active
Directory password from Linux, so I am guessing that means my
/etc/krb5.conf is correct.

What does not work is logging in with my Active Directory password. So
I enabled debugging in PAM, and noticed the following errors when I try
to log in:

Sep 8 17:25:44 nfsv4c sshd[5103]: pam_krb5: pam_sm_authenticate(ssh rohitm): entry:
Sep 8 17:25:45 nfsv4c sshd[5103]: pam_krb5: verify_krb_v5_tgt(): krb5_sname_to_principal(): Cannot determine realm for host
Sep 8 17:25:45 nfsv4c sshd[5103]: pam_krb5: pam_sm_authenticate(ssh rohitm): exit: failure

Now my realm is set in the krb5.conf file (I just kinit username, and it
knows my default realm), so do I have to do something else for PAM to
understand it?

Also, is the krb5.keytab file necessary? It looks like I have to run
commands as administrator on Active Directory to generate this
file, and if I don't have to do this, I'd rather not!

Rohit