krbPrincipalName not creating principal in kerberos

keerthi krishnan keerthikrishnan1369 at gmail.com
Thu Feb 3 00:58:01 EST 2022


Hi Team,

I have ldap setup and kerberos setup.

Requirement:

1. We have a list of users in ironport ldap and want to sync a particular group
cn to kerberos and its password, so that both ldap and kerberos will have the
same password.
2. I want to create a user object in ldap with multiple user aliases like
uid=alice, krbPrincipalAliases: alice/admin at DOMAIN.COM
krbPrincipalName: alice/admin at DOMAIN.COM

Achieved
1. I have compiled the smbkrb5passwd module to sync the user and its password from
ldap to kerberos. Here uid is created as the principal in kerberos.

Not working.

I have added user data like this
++++
dn: uid=wilf,ou=people,dc=domain,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: krbprincipalaux
objectClass: krbTicketPolicyAux
uid: wilf
cn:  wilf/admin
sn: Fernandz
loginShell: /bin/bash
uidNumber: 10003
gidNumber: 10003
homeDirectory: /home/wilf
shadowMax: 60
shadowMin: 1
shadowWarning: 7
shadowInactive: 7
shadowLastChange: 0
krbPrincipalAliases: wilf/admin at DOMAINCOM
krbPrincipalName: wilf/admin at DOMAIN.COM
++++

But in kerberos, the principal is created as wilf at DOMAIN.COM but
krbPrincipalAliases is not created as a principal.

I even tried creating this user wilf/admin at DOMAINCOM in kerberos manually
and tried changing the password for uid wilf, but the alias and uid are not mapped so
it is not updating.

How can we achieve adding multiple principal aliases for the same user object?
I don't want to add multiple users and manage them in ldap.

I am kind of blocked here. Please help me.

Regards
K.Keerthiga

