linux
Dmitry Dobryshin, 2017-07-26 17:31:02

How to fix kinit authorization?

Hello!
I can't figure out where to fix it. I'm trying to set up a Linux server for domain authorization according to this guide.
I got to point 8 and ran into the problem of removing backslashes between the domain and the user. I was convinced that this is due to the Kerberos setting.
krb5.conf

[logging]
    default = FILE:/var/log/kerberos/krb5libs.log
    kdc = FILE:/var/log/kerberos/krb5kdc.log
    admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
    default_realm = MYDOMAIN.LOCAL
    dns_lookup_realm = true
    dns_lookup_kdc = true
    rdns = true
    ticket_lifetime = 24h
    default_keytab_name = /etc/squid/private/HTTP.keytab
    allow_weak_crypto = true
    forwardable = yes


[realms]
        MYDOMAIN.LOCAL = {
                kdc = lpn-srv-dc-01.mydomain.local
                kdc = lpn-srv-dc-02.mydomain.local
                admin_server = lpn-srv-dc-01.mydomain.local
                default_domain = mydomain.local
        }

[domain_realm]
        .mydomain.local = MYDOMAIN.LOCAL
        mydomain.local = MYDOMAIN.LOCAL

[appdefaults]
    pam = {
      debug = true
      ticket_lifetime = 36000
      renew_lifetime = 36000
      forwardable = true
      krb4_convert = false
    }

[login]
        krb4_convert = true
        krb4_get_tickets = false

When checking authorization with the command:
# kinit [email protected]
Password for [email protected]:

Everything works:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting       Expires              Service principal
26.07.2017 16:56:23  27.07.2017 02:56:23  krbtgt/[email protected]
        renew until 27.07.2017 16:56:20

If I authorize as in paragraph 8 of the instructions, then I come across the following:
# kinit "MYDOMAIN\my.user"
kinit: Client '[email protected]' not found in Kerberos database while getting initial credentials

# kinit "MYDOMAIN\\my.user"
kinit: Client '[email protected]' not found in Kerberos database while getting initial credentials

# kinit "MYDOMAIN.LOCAL\\my.user"
kinit: Client '[email protected]' not found in Kerberos database while getting initial credentials

That is, slashes are removed and the domain is not defined in this spelling. I understand that somewhere it should be configured, but I just can not find where.
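
Added example (not part of the original post or of the guide it follows): MIT Kerberos parses the kinit argument as a principal name, where a backslash only escapes the character after it, which is consistent with the removed backslashes reported above. The sketch below converts a `DOMAIN\user` logon name into `user@REALM` before it is handed to kinit; the function names and the NetBIOS-to-realm mapping (MYDOMAIN to MYDOMAIN.LOCAL, taken from the krb5.conf above) are assumptions.

```shell
#!/bin/sh
# Added example: normalise a Windows-style logon name to a Kerberos principal.
# Assumption: NetBIOS domain MYDOMAIN corresponds to realm MYDOMAIN.LOCAL.
DEFAULT_REALM="MYDOMAIN.LOCAL"

# netbios_to_realm NAME: print the realm for a known domain name, else return 1.
# Hypothetical lookup table; extend it with one line per trusted domain.
netbios_to_realm() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        MYDOMAIN|MYDOMAIN.LOCAL) printf '%s\n' "MYDOMAIN.LOCAL" ;;
        *) return 1 ;;
    esac
}

# to_principal LOGON: print user@REALM for DOMAIN\user, user@domain or bare user.
to_principal() {
    logon=$1
    case "$logon" in
        *\\*)   # down-level form: split at the first backslash
            domain=${logon%%\\*}
            user=${logon#*\\}
            realm=$(netbios_to_realm "$domain") || {
                printf 'unknown domain: %s\n' "$domain" >&2
                return 1
            }
            ;;
        *@*)    # already user@domain: AD realms are upper case by convention
            user=${logon%@*}
            realm=$(printf '%s' "${logon##*@}" | tr '[:lower:]' '[:upper:]')
            ;;
        *)      # bare user name: fall back to the default realm
            user=$logon
            realm=$DEFAULT_REALM
            ;;
    esac
    # Refuse anything that would still be re-interpreted by the principal parser.
    case "$user" in
        ''|*[\\@]*) printf 'invalid user part: %s\n' "$user" >&2; return 1 ;;
    esac
    printf '%s@%s\n' "$user" "$realm"
}

# Usage (single quotes keep the backslash away from the shell as well):
#   kinit "$(to_principal 'MYDOMAIN\my.user')"
```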
