Problems with Service Principal Unknown and Windows AD.
I am in an environment where I need to be able to authenticate users
against the Win2K Active Directory farm using Kerberos.
I am having trouble getting the Kerberos component
working, and a tcpdump shows the linux host receiving a
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN error message.
Right now I have the following setup.
Application -> saslauthd -> heimdal -> Windows Servers
My understanding of how to set this up is that I must get a service
ticket from Windows using the "ktpass.exe" application and copy this
to the /etc/krb5.keytab file on the linux host. Then I configure saslauthd
to use Heimdal kerberos for authentication and run the testsaslauthd
program to test.
Are my assumptions about how to set this up correct? I was unable to
find a definitive guide.
What should I be looking at to debug the principal unknown error
message? I am fairly certain that I have a valid key from AD in
/etc/krb5.keytab.
Here are some files that may be useful:
----------------------------------------------------------------
[libdefaults]
        clockskew = 300
        default_etypes = des-cbc-crc
        default_etypes_des = des-cbc-crc
        default_realm = INTERNAL.EPO.ORG
        dns_lookup_realm = true
        dns_lookup_kdc = true
[realms]
        INTERNAL.EPO.ORG = {
                default_domain = internal.epo.org
        }
[domain_realm]
        .internal.epo.org = INTERNAL.EPO.ORG
        internal.epo.org = INTERNAL.EPO.ORG
[logging]
        kdc = FILE:/var/log/kerb.log
        admin_server = FILE:/var/log/kerb.log
        default = FILE:/var/log/kerb.log
----------------------------------------------------------------
$ ktutil list
FILE:/etc/krb5.keytab:
Vno Type Principal
3 des-cbc-md5 host/mnuf09l.internal.epo.org@INTERNAL.EPO.ORG
3 des-cbc-md5 host/mnuf09xxx.internal.epo.org@INTERNAL.EPO.ORG
------------------------------------------------------------------
Any suggestions much appreciated.
S.
-- Simon Tennant ________________ http://imaginator.com/~simon/contact
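The following is an added example, not part of the post above and not Heimdal or Cyrus SASL code. It reconciles the service principal a Heimdal client will ask the KDC for (host/<fqdn>@REALM, with the fqdn as DNS canonicalisation returns it) against the entries in a "ktutil list" dump, and reports the encryption types the keytab carries. Because KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN is returned by the KDC, a key present in the keytab does not rule the error out: the same name must also exist as an SPN on the AD account that ktpass mapped it to, which is the thing to verify on the Windows side once the client-side name is known. The hostname, realm and keytab listing in the script are constructed sample data modelled on the post; the real keytab is fed in with "ktutil list | check_keytab_principal ...".

```shell
#!/bin/sh
# Added example, not from the original post or from Heimdal/SASL.
# Reconciles the service principal the client requests with the keytab.
# The sample hostname, realm and listing below are constructed data.

# Build the principal a host-based service uses: host/<fqdn>@<REALM>.
# The fqdn is lowercased, which is what DNS canonicalisation yields;
# keytab principal matching is an exact string comparison, so a mixed-case
# entry written by ktpass is not found.
service_principal_for() {
    fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    realm=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    printf 'host/%s@%s\n' "$fqdn" "$realm"
}

# Usage: check_keytab_principal PRINCIPAL < listing
# Reads "ktutil list" output on stdin, prints each entry whose principal
# matches, and returns 0 if present, 1 if absent.
check_keytab_principal() {
    awk -v p="$1" '
        $3 == p { found = 1; print "found: vno=" $1 " etype=" $2 " " $3 }
        END { if (found) exit 0; exit 1 }
    '
}

# List the distinct encryption types in the keytab. A keytab that only
# holds single-DES keys is what ktpass on Windows 2000 produces, and the
# client must be configured to use those etypes (as the krb5.conf above does).
keytab_etypes() {
    awk 'NR > 2 && NF >= 3 { print $2 }' | sort -u | tr '\n' ' '
}

# Constructed sample, shaped like the "ktutil list" output in the post.
SAMPLE_LISTING='FILE:/etc/krb5.keytab:
Vno Type Principal
3 des-cbc-md5 host/mnuf09l.internal.epo.org@INTERNAL.EPO.ORG
3 des-cbc-md5 host/mnuf09xxx.internal.epo.org@INTERNAL.EPO.ORG'

main() {
    # Against a live host:
    #   ktutil list | check_keytab_principal \
    #       "$(service_principal_for "$(hostname -f)" INTERNAL.EPO.ORG)"
    princ=$(service_principal_for MNUF09L.internal.epo.org internal.epo.org)
    echo "client will request: $princ"
    if printf '%s\n' "$SAMPLE_LISTING" | check_keytab_principal "$princ"; then
        echo "keytab has the key; if the KDC still answers S_PRINCIPAL_UNKNOWN," \
             "check that $princ is an SPN on the mapped AD account"
    else
        echo "keytab lacks $princ; re-run ktpass with /princ $princ and /mapuser"
    fi
    echo "etypes in keytab: $(printf '%s\n' "$SAMPLE_LISTING" | keytab_etypes)"
}
main "$@"
```

The principal printed by service_principal_for is the string to compare with the SPN ktpass registered; if the two differ in hostname form (short name versus fqdn, or a different suffix picked up from DNS reverse lookup), the KDC will not find it regardless of what the keytab contains.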