[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: newbie problem initializing realm with ldap backend



On Tue, 01 Mar 2005 12:34:22 -0300, Alejandro Mery <amery@geeks.cl> wrote:
> hi, i'm following http://www.openinput.com/auth-howto/index.html
> skipping posix Accounts and Groups creation (for now).
> 
> but:
> kadmin> init CONOSURSEGUROS.CL
> Realm max ticket life [unlimited]:
> Realm max renewable ticket life [unlimited]:
> kadmin: kadm5_create_principal: ldap_add_s: default@conosurseguros.cl
> (dn=cn=default@conosurseguros.cl,ou=kerberos,dc=conosurseguros,dc=cl)
> Invalid syntax
> 
> after hours of reading and re-doing everything from zero i keep getting
> this syntax error.... how can i know where is it? _please_
> 
> i created that ou= using:
> # Kerberos only principals (admin accounts, hosts,...)
> dn: ou=kerberos,dc=conosurseguros,dc=cl
> objectClass: organizationalUnit
> objectClass: top
> ou: kerberos
> description: Kerberos only principals
> 
> krb5-kdc.schema from:
> http://www.stanford.edu/services/directory/openldap/configuration/krb5-kdc.schema
> 
> and my krb5.conf is:
> [libdefaults]
>          ticket_lifetime = 600
>          default_realm = CONOSURSEGUROS.CL
>          default_etypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
>          default_etypes_des = des3-hmac-sha1 des-cbc-crc des-cbc-md5
> 
> [realms]
>          CONOSURSEGUROS.CL = {
>                  kdc = kerberos.conosur.0:88
>                  admin_server = kerberos.conosur.0:749
>          }
> 
> [domain_realm]
>          .conosur.0 = CONOSURSEGUROS.CL
>          conosur.0 = CONOSURSEGUROS.cl
> 
> [kdc]
>          database = {
>                  realm = CONOSURSEGUROS.CL
>                  dbname = ldap:ou=kerberos,dc=conosurseguros,dc=cl
>                  mkey_file = /var/heimdal/m-key
>          }
> 
> [logging]
>      kdc = FILE:/var/heimdal/logs/kdc.log
>      admin_server = FILE:/var/heimdal/logs/admin.log
>      default = FILE:/var/heimdal/logs/heimdal.log
> 
> Thanks in advance,
> Alejandro Mery
> 
Have you gone through the Basic Structure stuff (6.1.4.1)? Can you
print the output of ldapsearch (just to check you have all the basic
entries created)? Do you get anything at /var/log/messages or wherever
you have your OpenLDAP logs?

Best regards
Jose