First of all, thanks for your answers and interest. I already tried it without the port, because I realized, short after I sent my first mail, that the port is really not part of the name.
So I recreated the keytab file with HTTP/wiki.test....@srv.test.lan. Kinit still works, but the "Server not in kerberos database" problem still remains. @Paul Moore: What do you mean, with "an AD account with that SPN"? Could you be just a little more specific? Its late over here in germany ;) I had created an extra user and password at the AD. This login is saved inside of the keytab together with the SPN: HTTP/wiki.test....@srv.test.lan BTW: Is there a way, to find out, what adress the server is looking for? Greets, ----- Original Message ----- From: "Paul Moore" <paul.mo...@centrify.com> To: "Douglas E. Engert" <deeng...@anl.gov> Cc: <slainde...@kabelmail.de>; <kerberos@mit.edu> Sent: Tuesday, February 03, 2009 11:14 PM Subject: RE: Prob: failed to verify krb5 credentials: Server not found in Kerb for sure the port number should not be in the SPN. I didnt even notice that. I was wondering if there is any principal at all -----Original Message----- From: Douglas E. Engert [mailto:deeng...@anl.gov] Sent: Tuesday, February 03, 2009 2:13 PM To: Paul Moore Cc: slainde...@kabelmail.de; kerberos@mit.edu Subject: Re: Prob: failed to verify krb5 credentials: Server not found in Kerb Paul Moore wrote: > is there an AD account with that SPN? > HTTP/wiki.test.lan:8...@srv.test.lan The port number :8080 is usually not part of the principal name. So the browser may be looking for HTTP/wiki.test....@srv.test.lan > > -----Original Message----- > From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On > Behalf Of slainde...@kabelmail.de > Sent: Tuesday, February 03, 2009 6:28 AM > To: kerberos@mit.edu > Subject: Prob: failed to verify krb5 credentials: Server not found in > Kerb > > Hey guys, > > I am short before dispairing :( > > Maybe someone has time and likes to help me? :) > > I am trying to set up kerberos to authenticate a > TWiki running on Unix against an Windows Server 2003 Active Directory... > > I configured the krb5.conf like this: > > [logging] > ... > > [libdefaults] > default_realm = SRV.TEST.LAN > dns_lookup_realm = false > dns_lookup_kdc = false > ticket_lifetime = 24000 > forwardable = yes > > [realms] > SRV.TEST.LAN = { > kdc = location.srv.test.lan:88 > admin_server = location.srv.test.lan:749 > default_domain = SRV.TEST.LAN > } > > [domain_realm] > .test.lan = SRV.TEST.LAN > test.lan = SRV.TEST.LAN > > [appdefaults] > pam = { > debug = false > ticket_lifetime = 24000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > } > > When I use "kinit" everything works fine. With every valid login I get a > ticket... > > > Then I created the keytab file, set with a valid user and password for > the service: HTTP/wiki.test.lan:8...@srv.test.lan Leave off the :8080 > > http://wiki.test.lan:8080/bin is the url I type into the browser... > > When I use "kinit" with the keytab and HTTP/wiki.test.lan:8080 > everything works fine... I get a ticket... > > Now I wanna setup the twiki to use kerberos to authenticate with... > The httpd.conf for the "bin" directory at http://wiki.test.lan:8080/ is > like following: > Order Deny,Allow > Allow from all > > AuthType Kerberos > KrbAuthRealms SRV.TEST.LAN > KrbServiceName HTTP > Krb5Keytab /etc/http.keytab > KrbMethodNegotiate on > KrbMethodK5Passwd on > Require valid-user > > When I browse to "http://wiki.srv.lan:8080/bin" the login box prompts... > I enter a valid login, but the box stays... > > In the log it says: > failed to verify krb5 credentials: Server not found in Kerberos database > > What is wrong? Can someone help me?! :( > > Greets, > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos