linux

AlexWinner, 2012-05-11 18:36:44

Problems in the interaction of sssd, kerberos, active directory?

Hello!
I installed sssd on the server, configured it to work with Active Directory 2008.
When I try to log in via ssh as user alexwinner, I get the following in the log:

(Fri May 11 18:56:03 2012) ]] [get_and_save_tgt] (1): 523: [-1765328360][Preauthentication failed]

At the same time, running 'kinit alexwinner' works fine: I get a ticket without any problems.
I enter the password correctly in both cases.
I took a packet dump and looked at the Kerberos packets; only the padata fields differ. Maybe that's how it should be.
Here is sssd.conf:
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam

domains = MYDOMAIN.COM

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3

; entry_cache_timeout = 600
; entry_cache_nowait_timeout = 300

[pam]
reconnection_retries = 3


[domain/MYDOMAIN.COM]
description = LDAP domain with AD server
enumerate = true

min_id = 1000
cache_credentials = false

id_provider = ldap
auth_provider = krb5
chpass_provider = krb5

krb5_realm = MYDOMAIN.COM
krb5_kdcip = 172.27.250.141
krb5_kpasswd = 172.27.250.141
ldap_pwd_policy = none

ldap_id_use_start_tls = false
ldap_tls_reqcert = never

ldap_uri = ldap://172.27.250.141:3268/
ldap_schema = rfc2307bis
ldap_default_bind_dn = [email protected]
ldap_default_authtok_type = password
ldap_default_authtok = veryhardpassword


ldap_user_search_base = ou=linux,ou=users,ou=pro,dc=mydomain,DC=com
ldap_user_object_class = user
ldap_user_uid_number = uidNumber
ldap_user_gid_number = GIDNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_user_principal = userPrincipalName
ldap_user_name = sAMAccountName
ldap_user_gecos = displayName
ldap_user_uuid = objectGUID

ldap_group_search_base = OU=Linux,OU=Roles,DC=mydomain,DC=com
ldap_group_object_class = group
ldap_group_name = Name
ldap_group_gid_number = GidNumber
ldap_force_upper_case_realm = True

Here is krb5.conf:
[libdefaults]
    default_realm = MYDOMAIN.COM
    forwardable = true

[realms]
    MYDOMAIN.COM = {
        kdc = 172.27.250.141
        admin_server = 172.27.250.141
    }

Tell me, please, where to dig, what to look at?
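The log line quoted above carries the raw Kerberos error code as well as its text, and sssd's krb5_child writes one such line per failed ticket request. The following Python script is an added example, not part of the original post and not sssd's own code: it parses lines in that format, maps the numeric code back to its RFC 4120 name using the standard krb5 com_err error-table base, and counts failures per error name. The first sample line is the one from the question; the second and third are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from typing import Optional

# Constructed sample input. The first line is the one quoted in the question;
# the second and third are made-up lines in the same format, showing two other
# failure modes, so that the decoder has more than one code to map.
SAMPLE_LOG = """\
(Fri May 11 18:56:03 2012) ]] [get_and_save_tgt] (1): 523: [-1765328360][Preauthentication failed]
(Fri May 11 18:57:10 2012) [[sssd[krb5_child[540]]]] [get_and_save_tgt] (1): 540: [-1765328378][Client not found in Kerberos database]
(Fri May 11 18:58:42 2012) [[sssd[krb5_child[551]]]] [get_and_save_tgt] (1): 551: [-1765328347][Clock skew too great]
"""

# The krb5 library reports KDC/AP errors as com_err codes: the protocol error
# number N from RFC 4120 is added to the krb5 error-table base (0x96C73A00 as a
# signed 32-bit value), which is why the log shows -1765328360 = base + 24.
KRB5_ERROR_BASE = -1765328384

# Subset of RFC 4120 section 7.5.9 error codes that commonly explain a login
# failure; anything else in the table is reported by number.
RFC4120_ERROR_NAMES = {
    6: "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN",   # principal does not exist in the realm
    7: "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN",
    12: "KRB5KDC_ERR_POLICY",               # logon hours, workstation restrictions, etc.
    18: "KRB5KDC_ERR_CLIENT_REVOKED",       # account disabled or locked out
    23: "KRB5KDC_ERR_KEY_EXP",              # password expired
    24: "KRB5KDC_ERR_PREAUTH_FAILED",       # wrong key: bad password, wrong principal or enctype
    25: "KRB5KDC_ERR_PREAUTH_REQUIRED",     # normal first round trip, not a failure by itself
    37: "KRB5KRB_AP_ERR_SKEW",              # clock skew between client and KDC
    68: "KRB5KDC_ERR_WRONG_REALM",
}

LOG_RE = re.compile(
    r"^\((?P<ts>[^)]+)\)\s+"              # "(Fri May 11 18:56:03 2012)"
    r"(?:\[\[\S*\]\]|\]\])?\s*"           # "[[sssd[krb5_child[523]]]]", or its truncated tail "]]"
    r"\[(?P<func>[^\]]+)\]\s+"            # "[get_and_save_tgt]"
    r"\((?P<level>\d+)\):\s+"             # "(1):" debug level
    r"(?:(?P<pid>\d+):\s+)?"              # optional krb5_child pid prefix "523:"
    r"(?P<msg>.*)$"
)
ERR_RE = re.compile(r"\[(?P<code>-?\d+)\]\[(?P<text>[^\]]*)\]")


def krb5_error_name(code: int) -> str:
    """Map a com_err-style krb5 code to its RFC 4120 symbolic name."""
    offset = code - KRB5_ERROR_BASE
    if not 0 <= offset < 256:            # the krb5 error table holds 256 entries
        return "NOT_A_KRB5_PROTOCOL_ERROR"
    return RFC4120_ERROR_NAMES.get(offset, f"KRB5_ERR_{offset}")


def parse_sssd_krb5_line(line: str) -> Optional[dict]:
    """Parse one krb5_child debug line; return None for lines in another format."""
    m = LOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = {
        "timestamp": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
        "function": m["func"],
        "level": int(m["level"]),
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["msg"],
        "code": None,
        "error_name": None,
        "error_text": None,
    }
    e = ERR_RE.search(m["msg"])
    if e:
        code = int(e["code"])
        rec.update(code=code, error_name=krb5_error_name(code), error_text=e["text"])
    return rec


def parse_sssd_log(text: str) -> list:
    """Parse every recognisable line of a krb5_child log."""
    return [r for r in map(parse_sssd_krb5_line, text.splitlines()) if r is not None]


def summarize(records: list) -> dict:
    """Count decoded failures by symbolic error name."""
    return dict(Counter(r["error_name"] for r in records if r["code"] is not None))


if __name__ == "__main__":
    for r in parse_sssd_log(SAMPLE_LOG):
        print(f"{r['timestamp']:%Y-%m-%d %H:%M:%S} pid={r['pid']} {r['error_name']}: {r['error_text']}")
    print(summarize(parse_sssd_log(SAMPLE_LOG)))
```

KRB5KDC_ERR_PREAUTH_FAILED means the KDC could not verify the encrypted-timestamp preauth data, so with a correct password it commonly points at sssd requesting a different key than kinit did (a different client principal name or encryption type), which is exactly the padata that the two packet captures should be compared on. Run continuously over the same log, the per-error summary also separates one mistyped password from a burst of preauth failures across many accounts, which is the shape a password-guessing attempt takes in this log.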

1 answer(s)
Alexey Murz Korepov, 2013-11-18
@Murz

I am experiencing exactly the same problem. Please tell me, did you manage to solve it? Or were you at least able to pin down the cause more precisely?
I am setting up authentication on Ubuntu 13.10 against a Zentyal domain using sssd and heimdal-clients; it also works through libpam-krb5, but does not work through sssd.
