[CentOS] Kerberos/LDAP authentication no more working in 5.6 ?
Alain Péan
alain.pean at lpp.polytechnique.fr
Tue Apr 12 20:29:35 UTC 2011
Le 12/04/2011 22:03, John Hodrien a écrit :
> On Tue, 12 Apr 2011, Alain Péan wrote:
>
>> Indeed, nothing fails now. I want my users to authenticate against
>> Active directory, and it works, and I would like them to be able to use
>> their kerberos credentials, if they need, to access domain ressources,
>> as shares. But I have still to see a problem there..
>>
>> Thanks again for your help and your comments !
>
> So is it all working after taking out the ldap auth? With it in
> you'll not be
> generating kerberos tickets if there's anything wrong with your kerberos
> setup.
>
> jh
No, you are right, things do not work as I expect. When I disable
ldapauth, I cannot authenticate. So kerberos is not working.
I have kerberos error messages with samba when I try to join AD domain
with net ads join. But net rpc join succeeds.
# net ads join -U pean -d3
....
[2011/04/12 22:19:45.797972, 3] libads/sasl.c:790(ads_sasl_spnego_bind)
ads_sasl_spnego_bind: got server principal name =
pc-2003-test$@TEST-LPP.LOCAL
[2011/04/12 22:19:45.798331, 3] libsmb/clikrb5.c:698(ads_krb5_mk_req)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
found)
[2011/04/12 22:19:45.811493, 1] libsmb/clikrb5.c:710(ads_krb5_mk_req)
ads_krb5_mk_req: smb_krb5_get_credentials failed for
pc-2003-test$@TEST-LPP.LOCAL (Cannot find ticket for requested realm)
....
Why 'no credential cache found' ?
I would like to solve this annoying problem. Why it is no more working
after upgrading to 5.6 ?
Alain
More information about the CentOS
mailing list