Dear All,
This, I feel, is a little out of topic, but I would really appreciate it if someone can help.
I am trying to authenticate my CentOS 5.2 box to a Windows 2003 ADS server, but am not able to do so. I get the following error when I run kinit:
kinit(v5): Improper format of Kerberos configuration file while initializing Kerberos 5 library
I have the following packages installed on my Linux box:

[root@testproxy init.d]# rpm -qa | grep krb
krb5-devel-1.6.1-25.el5_2.2
krb5-workstation-1.6.1-25.el5_2.2
krb5-auth-dialog-0.7-1
krb5-libs-1.6.1-25.el5_2.2
pam_krb5-2.2.14-1.el5_2.1

rpm -qa|grep ntp
ntp-4.2.2p1-8.el5.centos.1
chkfontpath-1.10.1-1.1

root@testproxy init.d]# rpm -qa|grep samba
system-config-samba-1.2.39-1.el5
samba-client-3.0.28-1.el5_2.1
samba-common-3.0.28-1.el5_2.1
samba-3.0.28-1.el5_2.1

My domain name is ===> baladia.local
Windows 2003 AD server computer name is ====> kmun
My /etc/krb5.conf file is:

----
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 ticket_lifetime=24000
 default_realm=BALADIA.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 BALADIA.LOCAL={
  kdc=172.16.2.227:88
  # admin_server=kmun.baladia.local:749
  default_domain=BALADIA.LOCAL
  kdc=BALADIA.LOCAL
 }

[domain_realm]
 .baladia.local=BALADIA.LOCAL
 baladia.local=BALADIA.LOCAL

kerberos 88/udp kdc # Kerberos key server
kerberos 88/tcp kdc # Kerberos key server

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }
As I said before, when I run kinit:
kinit(v5): Improper format of Kerberos configuration file while initializing Kerberos 5 library
I tried googling and tried various options in the conf file, but no luck. I would really appreciate it and be thankful if someone could point out the syntax error in my krb5.conf file, or any missing software I need to check and install, or any way I could track this error.
Also, is there anything to check on my Windows 2003 AD server?
Thanks and appreciate
Fabian
2009/3/25 fabian dacunha fabian@baladia.gov.kw:
> Dear All,
> This, I feel, is a little out of topic, but I would really appreciate it if someone can help.
> I am trying to authenticate my CentOS 5.2 box to a Windows 2003 ADS server, but am not able to do so.
This is probably a dumb question, but have you tried asking the kerberos people? See http://www-cdf.fnal.gov/upgrades/computing/icrb/kerberos-help.html.
HTH
mhr
On Wed, 2009-03-25 at 13:15 +0300, fabian dacunha wrote:
> my domain name is===> baladia.local
> Windows 2003 AD server computer name is====> kmun
>
> my /etc/krb5.conf file is
>
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>  ticket_lifetime=24000
>  default_realm=BALADIA.LOCAL
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
>
> [realms]
>  BALADIA.LOCAL={
>   kdc=172.16.2.227:88
>   # admin_server=kmun.baladia.local:749
>   default_domain=BALADIA.LOCAL
>   kdc=BALADIA.LOCAL
>  }

You only need one kdc here. Choose one, comment/delete the other.

> [domain_realm]
>  .baladia.local=BALADIA.LOCAL
>  baladia.local=BALADIA.LOCAL
>
> kerberos 88/udp kdc # Kerberos key server
> kerberos 88/tcp kdc # Kerberos key server

What are these "kerberos" lines for? Why have you put them here? They don't belong - comment/delete them.

> [kdc]
>  profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
>  pam = {
>   debug = false
>   ticket_lifetime = 36000
>   renew_lifetime = 36000
>   forwardable = true
>   krb4_convert = false
>  }

kinit should work after making the changes above.
Regards,
Ranbir
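
An added example, not part of the thread and not MIT krb5 code: apart from comments, section headers and braces, each krb5.conf line has to be a `name = value` relation, and the two /etc/services-style lines Ranbir points at are not. The check below applies a simplified approximation of that line grammar to a constructed excerpt of the quoted file; `lint_krb5_conf` and `SAMPLE` are hypothetical names, and the real profile parser accepts more forms than this.

```python
# Constructed sample: an excerpt laid out like the krb5.conf quoted in the thread.
SAMPLE = """\
[realms]
 BALADIA.LOCAL={
  kdc=172.16.2.227:88
  # admin_server=kmun.baladia.local:749
  default_domain=BALADIA.LOCAL
 }

[domain_realm]
 .baladia.local=BALADIA.LOCAL
kerberos 88/udp kdc # Kerberos key server
kerberos 88/tcp kdc # Kerberos key server
"""

def lint_krb5_conf(text):
    """Return [(line_no, message)] for lines outside a simplified profile grammar."""
    problems, in_section, depth, n = [], False, 0, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or whole-line comment
        if line.startswith("["):
            if depth:                     # headers are only valid at top level
                problems.append((n, "section header inside an open { block"))
                depth = 0
            in_section = True
            continue
        if line == "}":
            if depth == 0:
                problems.append((n, "'}' without a matching '{'"))
            depth = max(depth - 1, 0)
            continue
        tag, sep, value = line.partition("=")
        if not in_section:
            problems.append((n, "relation before any [section]"))
        elif not sep or len(tag.split()) != 1:   # no '=', empty name, or spaces in name
            problems.append((n, "not a 'name = value' relation"))
        elif value.strip() == "{":
            depth += 1                    # opens a realm / appdefaults sub-block
    if depth:
        problems.append((n, "'{' never closed"))
    return problems

if __name__ == "__main__":
    for line_no, message in lint_krb5_conf(SAMPLE):
        print(f"line {line_no}: {message}")
```
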
On Wed, Mar 25, 2009 at 1:08 PM, Kanwar Ranbir Sandhu m3freak@thesandhufamily.ca wrote:
> kinit should work after making the changes above.
>
> Regards,
> Ranbir
> --
> Kanwar Ranbir Sandhu
> Linux 2.6.27.19-170.2.35.fc10.x86_64 x86_64 GNU/Linux
> 14:06:36 up 19 days, 13:32, 4 users, load average: 0.14, 0.20, 0.18
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
It would be so much easier if all configuration files were written in XML and by default would have an enforcing document type definition. Self commenting, would make sure syntax is correct, and further could ensure "grammar" is correct for the desired configuration. Namespaces can make XML less verbose.
Thanks guys, I already did solve the problem of getting kinit to work: kinit Administrator, and after entering the password, it worked great.

Here is my krb5.conf, which is working perfectly:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = BALADIA.LOCAL
 dns_lookup_kdc = false
 dns_lookup_realm = false

[realms]
 BALADIA.LOCAL = {
  default_domain = baladia.local
  kdc = xx.xx.xx.xx:88
  admin_server = xx.xx.xx.xx:749
  kdc = KMUN
 }

[domain_realm]
 baladia.local = BALADIA.LOCAL

Once again, I really appreciate your help.
Now I just want to get my CentOS box to join my Win2003 AD server.
regards
Fabian