2003 R2 AD servicePrincipalName issue
Gnädinger Ralf
ralf.gnaedinger at joma-polytec.de
Wed Nov 9 02:29:20 EST 2011
Hi all,
I am trying to kerberize my Apache via mod_auth_kerb on a Debian squeeze box with our company's 2003 R2 Active Directory service.
After I configured Kerberos on my Linux box, I am able to get a ticket using kinit username.
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: sysman@JOMA.DE
Valid starting     Expires            Service principal
11/09/11 07:51:29  11/09/11 17:51:17  krbtgt/JOMA.DE@JOMA.DE
        renew until 11/10/11 07:51:29, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
Then I created a computer account and added the service principal names in our AD like this:
#setspn -R jp-sys8
#setspn -A HTTP/jp-sys8.joma.de jp-sys8
#setspn -L jp-sys8
Registered ServicePrincipalNames for CN=jp-sys8,CN=Computers,DC=joma,DC=de:
HOST/jp-sys8.joma.de
HOST/jp-sys8
HTTP/jp-sys8.joma.de
Now when I use kvno on my Linux box, it is possible to get the version like this:
# kvno HOST/jp-sys8
HOST/jp-sys8@JOMA.DE: kvno = 2
but if I try HOST/jp-sys8.joma.de it's not working...
# kvno HOST/jp-sys8.joma.de
kvno: Server not found in Kerberos database while getting credentials for HOST/jp-sys8.joma.de@JOMA.DE
When I add HTTP/jp-sys8 as a service principal it is the same: HTTP/jp-sys8 works, HTTP/jp-sys8.joma.de doesn't.
Is there anything I've missed?
Thanks
Ralf