Re: LDAP backend - help needed...

2012-05-09 Thread Berthold Cogel
On 09.05.2012 08:59, Mark Pröhl wrote:
> On 07.05.2012 17:38, Berthold Cogel wrote:
>> [dbmodules]
>> openldap_ldapconf = {
>> db_library = kldap
>> ldap_kerberos_container_dn = "ou=Kerberos,dc=uni-koeln,dc=de"
>> ldap_kdc_dn = "cn=kdc,ou=Kerberos,dc=uni-koeln,dc=de"
>> l

Re: LDAP backend - help needed...

2012-05-09 Thread Mark Pröhl
On 07.05.2012 17:38, Berthold Cogel wrote:
> [dbmodules]
> openldap_ldapconf = {
> db_library = kldap
> ldap_kerberos_container_dn = "ou=Kerberos,dc=uni-koeln,dc=de"
> ldap_kdc_dn = "cn=kdc,ou=Kerberos,dc=uni-koeln,dc=de"
> ldap_kadmin_dn = "cn=kadmind,ou=Kerberos,dc=uni-ko

Re: LDAP backend - help needed...

2012-05-08 Thread Mark Pröhl
On 08.05.2012 15:03, Berthold Cogel wrote:
> On 07.05.2012 18:16, Greg Hudson wrote:
>> On 05/07/2012 11:38 AM, Berthold Cogel wrote:
>>> -rw--- 1 root root 128 May 7 16:09 service.keyfile
>>
>>> [root@hydra krb5kdc]# kadmin.local
>>> kadmin.local: unable to get default realm
>>
>> I'm no

Re: LDAP backend - help needed...

2012-05-08 Thread Berthold Cogel
On 07.05.2012 17:38, Berthold Cogel wrote:
> Hello!
>
> I'm trying to get kerberos running with an LDAP backend.
>
> System is RHEL 5.8 with krb5 1.6.1-70.el5 packages.
>
Just for the book: I can start krb5kdc and with lsof I can see that it is at least trying to use LDAP (using ldaps at the

Re: LDAP backend - help needed...

2012-05-08 Thread Berthold Cogel
On 07.05.2012 18:16, Greg Hudson wrote:
> On 05/07/2012 11:38 AM, Berthold Cogel wrote:
>> -rw--- 1 root root 128 May 7 16:09 service.keyfile
>
>> [root@hydra krb5kdc]# kadmin.local
>> kadmin.local: unable to get default realm
>
> I'm not sure why kadmin.local wouldn't be reading your krb

Re: LDAP backend - help needed...

2012-05-07 Thread Greg Hudson
On 05/07/2012 11:38 AM, Berthold Cogel wrote:
> -rw--- 1 root root 128 May 7 16:09 service.keyfile
> [root@hydra krb5kdc]# kadmin.local
> kadmin.local: unable to get default realm

I'm not sure why kadmin.local wouldn't be reading your krb5.conf file (partly because krb5 1.6 was a long time

Re: LDAP backend - help needed...

2012-05-07 Thread Greg Hudson
On 05/07/2012 12:03 PM, Tiago Elvas wrote:
> You should create a kadmin keytab placed in /etc/kadm5.keytab including
> principals:

The admin keytab hasn't been needed or used since krb5 1.4, although sadly the documentation wasn't updated to reflect that fact until quite recently. (I'm still look

Re: LDAP backend - help needed...

2012-05-07 Thread Tiago Elvas
For the kadmin.local to work I believe you have a misconfiguration. You should create a kadmin keytab placed in /etc/kadm5.keytab including principals: kadmin/admin > kadmin/changepw > kadmin/ then in kdc.conf [realms] > EXAMPLE.UNI-KOELN.DE = { >... > adm

LDAP backend - help needed...

2012-05-07 Thread Berthold Cogel
Hello! I'm trying to get kerberos running with an LDAP backend. System is RHEL 5.8 with krb5 1.6.1-70.el5 packages. I've set up the LDAP server with kerberos.schema, created an ou=Kerberos and organizational roles 'kcd' and 'kadmind' within the ou. ACLs are set so that these roles can authentica