Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Dmitry Dobryshin2017-07-26 17:31:02
linux
Dmitry Dobryshin, 2017-07-26 17:31:02

How to fix kinit authorization?

Hello!
I can't figure out where to fix it. I'm trying to set up a Linux server for domain authorization according to this guide .
I got to point 8 and ran into the problem of removing backslashes between the domain and the user. I was convinced that this is due to the Kerberos setting.
krb5.conf

[logging]
    default = FILE:/var/log/kerberos/krb5libs.log
    kdc = FILE:/var/log/kerberos/krb5kdc.log
    admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
    default_realm = MYDOMAIN.LOCAL
    dns_lookup_realm = true
    dns_lookup_kdc = true
    rdns = true
    ticket_lifetime = 24h
    default_keytab_name = /etc/squid/private/HTTP.keytab
    allow_weak_crypto = true
    forwardable = yes


[realms]
        MYDOMAIN.LOCAL = {
                kdc = lpn-srv-dc-01.mydomain.local
                kdc = lpn-srv-dc-02.mydomain.local
                admin_server = lpn-srv-dc-01.mydomain.local
                default_domain = mydomain.local
        }

[domain_realm]
        .mydomain.local = MYDOMAIN.LOCAL
        mydomain.local = MYDOMAIN.LOCAL

[appdefaults]
    pam = {
      debug = true
      ticket_lifetime = 36000
      renew_lifetime = 36000
      forwardable = true
      krb4_convert = false
    }

[login]
        krb4_convert = true
        krb4_get_tickets = false

When checking authorization with the command:
# kinit [email protected]
Password for [email protected]:

Everything works:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting       Expires              Service principal
26.07.2017 16:56:23  27.07.2017 02:56:23  krbtgt/[email protected]
        renew until 27.07.2017 16:56:20

If I authorize as in paragraph 8 of the instructions, then I come across the following:
# kinit "MYDOMAIN\my.user"
kinit: Client '[email protected]' not found in Kerberos database while getting initial credentials

# kinit "MYDOMAIN\\my.user"
kinit: Client '[email protected]' not found in Kerberos database while getting initial credentials

# kinit "MYDOMAIN.LOCAL\\my.user"
kinit: Client '[email protected]' not found in Kerberos database while getting initial credentials

That is, slashes are removed and the domain is not defined in this spelling. I understand that somewhere it should be configured, but I just can not find where.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
C
crdrads2018-12-10 21:31:08
Why is it said that clip and mask are better for SVG than native CSS? 6Reply
W
wargych2020-08-27 02:43:29
How to implement background application control via console? 2Reply
V
VicTHOR2020-08-27 10:30:15
How to set such an ACL? 0Reply
N
NkDev2018-10-09 11:24:06
How to make access to external ip from local network? 1Reply
A
Alexander Vladimirovich2020-08-27 13:07:40
How much free disk space is required for normal system operation? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question