Operating Systems AIX Auth against AD (kerberos) does not work Post 302677991 by tomys on Friday 27th of July 2012 03:05:00 AM
Thank you kah00na for your help.

I saw in your thread (12.08.2010) that you have the same output with lsuser

Quote:
asdf registry=files SYSTEM=KRB5files
After I have done all the steps you showed me, it still does not work.

I still see the message
"auth|security:info syslog: pts/2: failed login attempt for UNKNOWN_USER from HOST"

The differences between the entries in /etc/security/user and the output of lsuser still exist.

Code:
HOSTNAME[!]/home/bsp/login>>grep -p kbtest /etc/security/user | egrep "admin|registry|SYSTEM"
        admin = false                                                           
        registry = KRB5files                                                    
        SYSTEM = "KRB5files"                                                    
HOSTNAME[!]/home/bsp/login>>lsuser -a registry SYSTEM kbtest               
kbtest registry=files SYSTEM=KRB5files

This must be a problem of lsuser!!!

I think that it is important to know who says "UNKNOWN USER". Is this a message from the DC? If so, why does it work with kinit and not at the time I try to log in?

Is it possible that the system sends the USER without the REALM at login time, and kinit does send the REALM?
Is there a problem with the environment at login time, so the login process does not recognize the /etc/krb5/krb5.conf file?

Many questions I do not know how to get the answers to.


I found another strange thing.
After the user is configured for KRB5files, the user administration in smitty shows me empty values and wrong values.
Code:
                    Change / Show Characteristics of a User                     

Type or select values in entry fields.                                          
Press Enter AFTER making all desired changes.                                   

[TOP]                                                   [Entry Fields]          
* User NAME                                           kbtest                    
  User ID                                            []                       # 
  ADMINISTRATIVE USER?                                                       +  
  Primary GROUP                                      []                      +  
  Group SET                                          []                      +  
  ADMINISTRATIVE GROUPS                              []                      +  
  ROLES                                              []                      +  
  Another user can SU TO USER?                                               +  
  SU GROUPS                                          []                      +  
  HOME directory                                     []                         
  Initial PROGRAM                                    []                         
  User INFORMATION                                   []                         
  EXPIRATION date (MMDDhhmmyy)                       []                         
  Is this user ACCOUNT LOCKED?                                               +  
  User can LOGIN?                                                            +  
  User can LOGIN REMOTELY(rsh,tn,rlogin)?                                    +  
  Allowed LOGIN TIMES                                []                         
  Number of FAILED LOGINS before                     []                       # 
       user account is locked                                                   
  Login AUTHENTICATION GRAMMAR                       [KRB5files]                
  Valid TTYs                                         []                         
  Days to WARN USER before password expires          []                       # 
  Password CHECK METHODS                             []                         
  Password DICTIONARY FILES                          []                         
  NUMBER OF PASSWORDS before reuse                   []                       # 
  WEEKS before password reuse                        []                       # 
  Weeks between password EXPIRATION and LOCKOUT      []                         
  Password MAX. AGE                                  []                       # 
  Password MIN. AGE                                  []                       # 
  Password MIN. LENGTH                               []                       # 
  Password MIN. ALPHA characters                     []                       # 
  Password MIN. OTHER characters                     []                       # 
  Password MAX. REPEATED characters                  []                       # 
  Password MIN. DIFFERENT characters                 []                       # 
  Password REGISTRY                                  [files]                    
  Soft CPU time                                      []                         
  Soft FILE size                                     []                       # 
  Soft DATA segment                                  []                       # 
  Soft STACK size                                    []                       #

Thanks.
Have a nice weekend.

Last edited by tomys; 07-27-2012 at 05:27 AM.. Reason: Please use code tags and less formatting
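
Added example, not part of the original post: a small script that automates the comparison made by eye above, reading one user's stanza from a copy of /etc/security/user and reporting every attribute whose value differs from an `lsuser -a` output line. The function names and the sample stanza file are hypothetical and constructed from the output shown in the post; it assumes single-token attribute values.

```sh
#!/bin/sh
# Added example; sample data is constructed from the output shown in the post.

# stanza_attr FILE USER ATTR: value of ATTR inside USER's stanza only.
stanza_attr() {
    awk -v user="$2" -v attr="$3" '
        /^[^ \t*].*:[ \t]*$/ {              # stanza header such as "kbtest:"
            name = $0; sub(/:[ \t]*$/, "", name)
            in_stanza = (name == user); next
        }
        in_stanza && /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); gsub(/^[ \t]+/, "", key)
            if (key != attr) next
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            gsub(/[ \t]+$/, "", val); gsub(/^"|"$/, "", val)
            print val; exit
        }' "$1"
}

# lsuser_attr LINE ATTR: value of ATTR in a "user attr=value ..." line.
lsuser_attr() {
    printf '%s\n' "$1" | awk -v attr="$2" '{
        for (i = 2; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == attr) { v = $i; sub(/^[^=]*=/, "", v); print v; exit }
        }
    }'
}

# mismatches FILE USER LSUSER_LINE ATTR...: list attributes that disagree.
mismatches() {
    file=$1; user=$2; line=$3; shift 3; out=""
    for a in "$@"; do
        f=$(stanza_attr "$file" "$user" "$a"); l=$(lsuser_attr "$line" "$a")
        [ "$f" = "$l" ] || out="$out$a(file=$f,lsuser=$l) "
    done
    printf '%s' "${out% }"
}

# Constructed sample; the default stanza checks that parsing stays per-user.
write_sample() {
    printf '%s\n' 'default:' '        SYSTEM = "compat"' '' 'kbtest:' \
        '        admin = false' '        registry = KRB5files' \
        '        SYSTEM = "KRB5files"' > "$1"
}

tmp=$(mktemp) && write_sample "$tmp"
mismatches "$tmp" kbtest "kbtest registry=files SYSTEM=KRB5files" registry SYSTEM
echo; rm -f "$tmp"
```

On a live host, the file argument would be /etc/security/user and the line argument the output of `lsuser -a registry SYSTEM kbtest`.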
 
