[CentOS] Kerberos/LDAP authentication no more working in 5.6 ?
John Hodrien
J.H.Hodrien at leeds.ac.uk
Wed Apr 13 12:05:10 UTC 2011
On Wed, 13 Apr 2011, Alain Péan wrote:

> I'll try know, with the change in /etc/krb5.conf (validate = false), if
> it works now.

It won't (or at least it shouldn't). Validate is essential as it confirms that the KDC providing the TGT to the user is the same KDC that you registered with when you joined the domain. If you don't have that check, I believe it's hideously insecure.

But the samba join is affected by many things. /etc/hosts, /etc/krb5.conf, /etc/samba/smb.conf are all well worth double checking for correctness.

So you've still got problems that need sorting. If validate doesn't work, then there are keytab issues. The keytab only needs to contain a valid principal for the domain, it doesn't even need to be a credential for that machine. Normally it *would* be for that machine, since you'd generate it through a 'net ads join' with an appropriate smb.conf.

> Thanks for your help !

No problem.

jh
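An added example, not part of the original message: a small Python check that flags a krb5.conf in which TGT validation has been switched off under [appdefaults], the change discussed in this thread. The sample config, the realm name and the function name are constructed for illustration, and the list of false spellings assumes pam_krb5 reads the option through MIT krb5's boolean parser.

```python
import re

# Spellings MIT krb5 treats as boolean false (assumption: pam_krb5 reads
# "validate" through the library's appdefaults boolean lookup).
FALSE_VALUES = {"n", "no", "false", "nil", "0", "off"}

# Constructed sample config; realm and values are illustrative only.
SAMPLE = """\
[libdefaults]
 default_realm = EXAMPLE.COM

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   validate = false
 }
"""

def find_disabled_validation(conf_text):
    """Return (line_no, scope) for every validate=false under [appdefaults]."""
    findings, section, scope = [], None, []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                             # new top-level section
            section, scope = header.group(1).lower(), []
            continue
        if line.startswith("}"):               # close a "name = {" subsection
            if scope:
                scope.pop()
            continue
        relation = re.fullmatch(r"([^\s=]+)\s*=\s*(.*)", line)
        if not relation:
            continue
        key, value = relation.group(1), relation.group(2).strip()
        if value == "{":                       # open a subsection such as "pam = {"
            scope.append(key)
        elif (section == "appdefaults" and key.lower() == "validate"
              and value.strip('"').lower() in FALSE_VALUES):
            findings.append((line_no, "/".join(scope) or "(global)"))
    return findings

if __name__ == "__main__":
    for line_no, where in find_disabled_validation(SAMPLE):
        print(f"line {line_no}: TGT validation disabled in appdefaults scope {where}")
```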