Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Authenticating UNIX (Solaris 11) to Windows 2012R2 / Active Directory
Operating Systems Solaris Authenticating UNIX (Solaris 11) to Windows 2012R2 / Active Directory Post 302975712 by cjhilinski on Friday 17th of June 2016 10:59:47 AM
Old 06-17-2016
I have AD working with S10. I struggled a long time with it. Part of it was the pam.conf and the krb5.conf files. I assume you can ssh in as a local user so you've ruled out an sshd misconfiguration. I don't know if the S10 stuff has changed with S11, but if no one has any S11 advice, maybe the S10 setup I have would be a start. One thing that was critical for me was having this entry: verify_ap_req_nofail = false in the libdefaults section of krb5.conf.
 

8 More Discussions You Might Find Interesting

1. Windows & DOS: Issues & Discussions

unix and active directory

Hi Does anybody know the steps and requirements of the installation process of Windows Active Directory using Unix/Linux Bind DNS. I will appreciate if somebody gives the answer. (1 Reply)
Discussion started by: Darwin Rodrigue
1 Replies

2. UNIX for Dummies Questions & Answers

Active Directory and UNIX

Hello - I have a very vague question, which will probably result in vague answers because I don't have a lot of detailed information and I don't know a whole lot about active directory. Our Windows/NT admin has been rolling out Active Directory over the past several weeks and as time goes on,... (1 Reply)
Discussion started by: rm -r *
1 Replies

3. Linux

How to Unite Redhat 9 Linux with Windows 2003 Active Directory authentication

Dear All, How to configure a Redhat 9 client to windows 2003 server. I have windows 2003 server which act has domain controller in my office. I have been asked to use redhat 9 has client. how to configure so that redhat 9 can authenticate with windows 2003 server .I have username created in... (0 Replies)
Discussion started by: solaris8in
0 Replies

4. Solaris

Connecting Solaris 9 to Windows Active Directory

Hi Everyone, Is it possible to for Solaris 9 box to join a Windows 2000 Active Directory Domain using Samba 3.X. If so are there any How To's out there or does anyone have experience with this. I have successfully done it with RHEL 3. Things that I configured in REDHAt to get it to... (0 Replies)
Discussion started by: morphous
0 Replies

5. HP-UX

HP-UX authenticating to Active Directory

Hey, I've asked questions about this project here before and gotten lots of help so I figured I'd give it another try. I've recently set up my HP-UX environment to authenticate to a Windows Active Directory server (Windows Server 2003 R2). I setup an account on Active Directory which works... (2 Replies)
Discussion started by: Rike255
2 Replies

6. Solaris

Connect smbclient to an windows server 2003 with active directory

Hello everybody .. i want connect with smbclient to an windows server 2003 with active directory. Exist a version of samba that can do this? Thank you very much for your time. Good Luck :b: (3 Replies)
Discussion started by: enkei17
3 Replies

7. Proxy Server

Solaris 11.1 login authenticate with windows active directory

Hi, is that possible to login to solaris 11.1 authenticate with windows active directory? the user id is created in the windows active directory. Environment: Solaris 11.1 Windows 2012 Active Directory (3 Replies)
Discussion started by: freshmeat
3 Replies

8. Solaris

Mounting 2012R2 NFS Share on Solaris 10

Hi all, new here. I'm attempting to mount an NFS share I've created on a 2012r2 esx VM on my solaris 10 vm, I'm using the following command: mount 2012box:/sharename /mnt and I get the following result: nfs mount: mount: /mnt: Operation not supported Both vms can ping one... (3 Replies)
Discussion started by: Meshuggener
3 Replies

LEARN ABOUT HPUX

pamkrbval

pamkrbval(1m)															     pamkrbval(1m)

NAME

       - validates the PAM Kerberos configuration.

SYNOPSIS

       { pa32 | pa64 | ia32 | ia64 } [ verbose ] [ CIFS ]

DESCRIPTION

       verifies  the  PAM  Kerberos  related configuration files, and It also checks if the default realm KDC is running.  This tool will help the
       administrator diagnose the problem.

       performs the following validations:

	      Checks whether the control_flags and the module_types specified for the PAM Kerberos specific entries in the /etc/pam.conf file  are
	      valid.

	      Checks  whether  the  PAM Kerberos specific module_paths that are specified in exist.  If the module_path name is not absolute it is
	      assumed to be relative to The (i.e Instruction Set Architecture) token is replaced by this tool with for IA  32-bit  option(  ),	or
	      with for IA 64-bit option( ), or with null for PA 32-bit option( ), or with for PA 64-bit option( ).

	      Checks whether the options specified for pam_krb5 library are valid PAM Kerberos options.

	      Validates  /etc/pam_user.conf  file only if libpam_updbe is configured in /etc/pam.conf file. This validation will be similar to the
	      /etc/pam.conf validation.

	      Validates the syntax of the Kerberos configuration file, /etc/krb5.conf.

	      Validates if the default realm KDC is issuing tickets. Atleast one KDC must reply to the ticket requests for the default realm.

	      Validates the host service principal, in the file, if this file exists. If the keytab entry for this host service principal does not
	      exist  in the default keytab file, checks for the host service principal in the KDC. If the host service principal does not exist in
	      the KDC, then ignores the validation and assumes success. If finds the host service principal in the KDC, issues the following warn-
	      ing message:

	      found on KDC but not found in keytab file.

   NOTE
       An  entry  in /etc/pam.conf file is considered to be PAM Kerberos entry if the file name in the module_path begins with An example of a PAM
       Kerberos entry in /etc/pam.conf is as shown:

       The machine is considered to be configured with libpam_updbe if	the file name in the module_path of an entry in /etc/pam.conf begins  with
       An example of a pam_updbe entry in /etc/pam.conf is as shown:

   LOGGING
       logs all messages to stdout. The log categories provided are:

	      These messages are logged when verbose option is set.

	      These messages are logged to notify the user about the erroneous lines in pam configuration files or to notify about the skipping of
	      /etc/pam_user.conf file validation.

	      These messages are logged when any of the above mentioned validation fails.

	      These messages are logged to notify the user about a potentially erroneous configuration on the system that may result in validation
	      failure.

	      These messages are logged when any of the above mentioned validation succeeds.

	      These messages are logged when validation of /etc/krb5.keytab is ignored.

	      These messages are logged to inform the user about the exact problem in the pam configuration files.

	      These messages will give some minimal help to the user to rectify the problem.

	      If  there  are any or or messages then there is some problem in the appropriate section. The administrator should diagnose the prob-
	      lem.

OPTIONS

       verbose output

       { pa32 | pa64 | ia32 | ia64 }

	      Depending on the architecture on which the validation need to be done this option needs to be set. The flags available are as listed
	      below:

	      for PA 32-bit architecture

	      for PA 64-bit architecture

	      for IA 32-bit architecture

	      for IA 64-bit architecture

	      Depending on this flag, in the module_path will be expanded as explained in the Description section of this manpage.

		     Use this option if
	      is configured on the system to enable validation of the keytab entry for Do not use this option if is not configured on the system.

RETURN VALUE

       returns the following exit codes:

       Successful configuration validation.

       Warnings were found during configuration validation.

       Errors were detected during configuration validation.

       FILES

       the kerberos client configuration file

       the pam configuration file

       The pam user configuration file

       The default location for the local host's keytab file

AUTHOR

       was developed by HP.

SEE ALSO

       krb5.conf(4), pam(3), pam_krb5(5), pam.conf(4), pam_updbe(5), pam_user.conf(4)

																     pamkrbval(1m)
All times are GMT -4. The time now is 09:16 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy