[PLUG] Problems configuring Kerberos for use with Samba and Active Directory
I know that I used to have this working, and then I went and started
playing, and seem to have screwed something up royally.
Here's what I have - A Windows 2003 domain named "dacrib.local". The DC
in that domain is called "dim-win2300" (IP 10.0.0.60). I have an Ubuntu
9.04 server. Previously, I had added it to the AD domain. But I'm
getting errors now.
root@workhorse:/etc# /etc/init.d/krb5-kdc restart
* Restarting Kerberos KDC krb5kdc
krb5kdc: cannot initialize realm DACRIB.LOCAL - see log file for details
[fail]
root@workhorse:/etc# tail -f /var/log/messages
Mar 23 13:46:39 workhorse krb5kdc[4869]: No such file or directory - while initializing database for realm DACRIB.LOCAL
root@workhorse:/etc# kinit administrator@DACRIB.LOCAL
kinit(v5): Cannot resolve network address for KDC in realm DACRIB.LOCAL while getting initial credentials
I am following
<http://wiki.samba.org/index.php/Samba_&_Active_Directory> this page as
an example. This is the first step, before even configuring Samba. And I'm
failing here, although I can't see why.
Here's my krb5.conf. Can somebody slap me upside the head, and tell me
where I went wrong?
-------------------------------------------
root@workhorse:/etc# more krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DACRIB.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
DACRIB.LOCAL = {
kdc = dim-win2300.dacrib.local
admin_server = dim-win2300.dacrib.local
default_domain = dacrib.local
}
[domain_realm]
.kerberos.server = DACRIB.LOCAL
.dacrib.local = DACRIB.LOCAL
[kdc]
profile = /etc/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
-------------------------------------
The krb5kdc.conf:
root@workhorse:/etc/krb5kdc# more kdc.conf
[kdcdefaults]
kdc_ports = 750,88
[realms]
DACRIB.LOCAL = {
database_name = /var/lib/krb5kdc/principal
admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
key_stash_file = /etc/krb5kdc/stash
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
default_principal_flags = +preauth
}
-------------------------------------
The AD is functioning fine, as my Windows clients have no problems
finding it, and logging in. So my problem must be my config here. But I
don't see where.
Anyone?
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
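
Added example, not part of the original post: a Python check for the condition the kinit error above names. With dns_lookup_kdc = false, the client only uses the kdc hosts listed under [realms], and each one must resolve through the client's own resolver. The function names are hypothetical, and the embedded sample is constructed from the krb5.conf shown in the post.

```python
import socket

# Constructed sample: [libdefaults] and [realms] as shown in the post above.
SAMPLE_KRB5_CONF = """\
[libdefaults]
default_realm = DACRIB.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
DACRIB.LOCAL = {
kdc = dim-win2300.dacrib.local
admin_server = dim-win2300.dacrib.local
default_domain = dacrib.local
}
"""

def parse_krb5_conf(text):
    """Return (libdefaults dict, {realm: [kdc entries]}) from krb5.conf text."""
    libdefaults, realms = {}, {}
    section = realm = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1].strip(), None
        elif line == "}":
            realm = None  # end of a realm stanza
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                realm = key
                realms[realm] = []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)
    return libdefaults, realms

def unresolvable_kdcs(text, resolve=socket.getaddrinfo):
    """List KDC hosts of the default realm that the local resolver cannot resolve."""
    libdefaults, realms = parse_krb5_conf(text)
    failed = []
    for entry in realms.get(libdefaults.get("default_realm"), []):
        # Strip an optional ":port" suffix; leave other forms untouched.
        host = entry.rsplit(":", 1)[0] if entry.count(":") == 1 else entry
        try:
            resolve(host, 88)
        except OSError:  # socket.gaierror is a subclass of OSError
            failed.append(host)
    return failed

if __name__ == "__main__":
    print(unresolvable_kdcs(SAMPLE_KRB5_CONF) or "all KDC hosts resolve")
```

Pass the contents of the real /etc/krb5.conf instead of the sample to run the same check on the affected host; any name it returns is one the resolver (DNS or /etc/hosts) does not know.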