Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Auth against AD (kerberos) does not work
Operating Systems AIX Auth against AD (kerberos) does not work Post 302676991 by kah00na on Wednesday 25th of July 2012 11:27:19 AM
Old 07-25-2012
Update your /etc/krb5.conf "[libdefaults]" section with these lines:
Code:
default_tkt_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5 des-cbc-crc aes128-cts
default_tgs_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5 des-cbc-crc aes128-cts

I also have these lines in my /etc/methods.cfg, although I'm not sure what they do...
Code:
NIS:
        program = /usr/lib/security/NIS
        program_64 = /usr/lib/security/NIS_64


DCE:
        program = /usr/lib/security/DCE

I also have both registry and SYSTEM set to "KRB5files"
Code:
hostname:/:$ lsuser -a registry SYSTEM user
user registry=KRB5files SYSTEM=KRB5files
hostname:/:$

---------- Post updated at 10:27 AM ---------- Previous update was at 10:22 AM ----------

I think I had to update those two lines, default_tkt_enctypes & default_tgs_enctypes, because the Windows team upgraded their servers to a later version of Windows.
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Apache auth question

While not technically a unix question, I was hoping for some help from you all- I've got an Apache 1.3.x server, and I am using basic auth from the pam_auth module and winbind on the back of that. What I get is a relaly sleek authentication for my Windos domain users, however, as they are wont... (1 Reply)
Discussion started by: loadc
1 Replies

2. IP Networking

netscape console auth problem

:( hi all , i have installed netscape console on my local pc to connect to webmail server using LDAP . when i try to login from my console i get an error "Http Exception: Response: Http/1.1 500 Server Error Status 500" i was told that i need to add my IP to the local.conf file. ... (1 Reply)
Discussion started by: ppass
1 Replies

3. UNIX for Advanced & Expert Users

Solaris 10 auth issue

Very strange one, we've got a recently build server (Sol10 via JET flash). Bascially you can ssh to it fine, but telnet will allow entry of username, but will then feed in a carriage return on the passwd field, this also happens on any auth type command, ie passwd on a user account will also... (4 Replies)
Discussion started by: itsupplies
4 Replies

4. AIX

Kerberos and LDAP Auth

Good day I am trying to configure Kerberos and LDAP authentication on AIX 5.3 with Windows 2003 R2 but something is not quite right. When I ran kinit username I get a ticket and I can display it using klist. When the user login I can see the ticket request on Windows 2003, but the user... (1 Reply)
Discussion started by: mariusb
1 Replies

5. Shell Programming and Scripting

Difference in auth key commands?

Good morning! What is the difference between: ssh-keygen -t rsa and ssh-keygen -b 2048 -t rsa? Thanks Bigben (2 Replies)
Discussion started by: bigben1220
2 Replies

6. Red Hat

sendmail client with AUTH

HI, I use redhat 5.7 . I configure sendmail as client and deliver the email to the external SMTP server(10.1.1.176) . The smtp server need SMTP AUTH in order to send email with SMTP. I configure and follow this link . Sendmail as SMTP Authentication | Free Linux Tutorials I try to send... (1 Reply)
Discussion started by: chuikingman
1 Replies

7. Solaris

Sol10 - OpenLDAP Auth

Hi, im new to Solaris (10) and need some help please. Situation: Actually is there a Linux (SLES11) OpenLDAP-Server and authentification of Linux-Maschines works pretty sweet. Now i want to put the SOL10 (Sparc) boxes in.... Problem: User Authentification via OpenLDAP on Sol10 doesn´t work... (3 Replies)
Discussion started by: Panzerkampfwagn
3 Replies

8. Gentoo

LDAP-Auth does not work correctly with systemd

Hi, since the upgrade to Gnome 3.6 (now i have 3.8) the authentication over LDAP stops working. The whole machine does not start anymore. The machine boot, but no gdm and no X. I can login, with root, but then the tty hangs. When i look at ttyF12 i see a lot of systemd service the runs random,... (1 Reply)
Discussion started by: darktux
1 Replies

9. Solaris

Solaris 11 iscsi chap auth

hi to all i've done that steps, but i was not completely successful: sudo pkg install group/feature/storage-server sudo svcadm enable stmf sudo zfs create -V 1g rpool/LUN1 sudo stmfadm create-lu /dev/zvol/rdsk/rpool/LUN1 sudo stmfadm list-lu ... (4 Replies)
Discussion started by: jm83
4 Replies

LEARN ABOUT LINUX

kdb5_util

kdb5_util(1M)                                                                                                                        kdb5_util(1M)

NAME

       kdb5_util - Kerberos Database maintenance utility

SYNOPSIS

       /usr/sbin/kdb5_util [-d dbname] [-f stashfile_name] [-k mkeytype] [-m ] [-M mkeyname] [-P password] [-r realm] cmd

       The kdb5_util utility enables you to create, dump, load, and destroy the Kerberos V5 database. You can also use kdb5_util to create a stash
       file containing the Kerberos database master key.

       The following options are supported:

       -d dbname

           Specify the database name. .db is appended to whatever name is specified. You can specify an absolute path. If you do not  specify  the
           -d option, the default database name is /var/krb5/principal.

       -f stashfile_name

            Specify the stash file name. You can specify an absolute path.

       -k mkeytype

           Specify  the  master  key  type. Valid values are des3-cbc-sha1, des-cbc-crc, des-cbc-md5, des-cbc-raw, arcfour-hmac-md5, arcfour-hmac-
           md5-exp, aes128-cts-hmac-sha1-96, and aes256-cts-hmac-sha1-96.

       -m

           Enter the master key manually.

       -M mkeyname

           Specify the master key name.

       -P password

           Use the specified password instead of the stash file.

       -r realm

           Use realm as the default database realm.

       The following operands are supported:

       cmd      Specifies whether to create, destroy, dump, or load the database, or to create a stash file.

                You can specify the following commands:

                create -s

                    Creates the database specified by the -d option. You will be prompted for the database master password. If you specify  -s,  a
                    stash  file  is  created  as  specified  by  the  -f  option.  If  you  did  not  specify  -f,  the default stash file name is
                    /var/krb5/.k5.realm. If you use the -f, -k, or -M options when you create a database, then you must use the same options  when
                    modifying or destroying the database.

                destroy

                    Destroys the database specified by the -d option.

                stash

                    Creates  a  stash  file. If -f was not specified, the default stash file name is /var/krb5/.k5.realm. You will be prompted for
                    the master database password. This command is useful when you want to generate the stash file from the password.

                dump [-verbose] [filename] [principals]

                    Dumps the Kerberos database to a flat file that can be used for loading or propagating to a slave KDC. See kprop(1M).  Specify
                    file  name  for a location to dump the Kerberos database. If filename is not specified, the principal data is printed to stan-
                    dard error. Specify -verbose to print out the principal names to standard error in addition to being dumping  into  the  file.
                    Use principals to specify the list of principals that should be dumped.

                load [-verbose] [-update] filename

                    Loads  the  database specified by dbname (see -d option, above) with data from the file specified by filename, which must be a
                    file created by the dump command. Use -update to specify that the existing database should be updated; otherwise, a new  data-
                    base is created. Specify -verbose to print out the principal names to standard error, in addition to being loaded.

       Example 1: Creating File that Contains Information about Two Principals

       The following example creates a file named slavedata that contains the information about two principals, jdb@ACME.COM and pak@ACME.COM.

       # /usr/krb5/bin/kdb5_util dump -verbose slavedata
       jdb@ACME.COM pak@ACME.COM

       /var/krb5/principal

           Kerberos principal database.

       /var/krb5/principal.kadm5

           Kerberos administrative database. Contains policy information.

       /var/krb5/principal.kadm5.lock

           Lock file for the Kerberos administrative database. This file works backwards from most other lock files (that is, kadmin exits with an
           error if this file does not exist).

       /var/krb5/principal.ulog

           The update log file for incremental propagation.

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWkdcu                     |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

       kpasswd(1), gkadmin(1M), kadmin(1M), kadmind(1M), kadmin.local(1M), kproplog(1M), kadm5.acl(4), kdc.conf(4), attributes(5), SEAM(5)

                                                                    30 Mar 2005                                                      kdb5_util(1M)
All times are GMT -4. The time now is 01:13 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy