Hi,
I was looking for a PAM group, but couldnt find one, so I hope someone
here might have the knowledge.
I am trying to log into my linux box, using password from a Win 2003
AD.
Everything seems to be talking, but after login,
everything hangs for 30 seconds and then exits out.
So if anyone ha
On 2006-08-08 15:03:46 +0200, "Jesper Angelo" <[EMAIL PROTECTED]> said:
> Additional info:
>
> Local login works using pam_unix...
>
> Even if I put pam_unix to be optional (ie all passwords are accepted)
> it works - except if I put in the right password from the AD.
>
> So its something with
Account: newbie ( Created on both AD and local (/etc/passwd) )
Login with pam_unix yields:
==> /var/log/auth.log <==
Aug 9 11:51:11 localhost login[15519]: pam_krb5:
pam_sm_authenticate(login newbie): entry:
Aug 9 11:51:11 localhos
On 2006-08-09 12:21:56 +0200, "Jesper Angelo" <[EMAIL PROTECTED]> said:
> Account: newbie ( Created on both AD and local (/etc/passwd) )
Well, what I intended was to create a local user and then kinit to a
principal. So on unix ``localuser'' and on AD ``aduser''.
> Login with pam_unix yields: [
pam_krb5 checks if the kdc you talk to is not a fake by using the host
principal in the default keytab. Look at the traffic on port 88 with
ethereal and you should see a tgt request for host/server-fqdn. Some pam
modules have an option to not do this verification, check your man pages.
Regards
Markus Moeller <[EMAIL PROTECTED]> writes:
> pam_krb5 checks if the kdc you talk to is not a fake by using the host
> principal in the default keytab. Look at the traffic on port 88 with
> ethereal and you should see a tgt request for host/server-fqdn. Some pam
> modules have an option to not do t
I have trimmed down the configs heavily, so now I still can't login,
but at least I get a login incorrect. Lets see...
> Clear the auth log and login as I said /locally/ with a /pure/ /local/
> user. See what happens working with this user. If you can work and
> you're not kicked out, then kinit t
Just adding - this is what I get in the event log on the AD:
-
Authentication Ticket Request:
User Name: newbie
Supplied Realm Name:BORSEN-ONLINE.DK
User ID:ONLI
You still have "Server not found in Kerberos database" in your log. Could
you capture the TGS REQ and reply with ethereal ?
Sometime the issue is a wrong hosts entry (e.g. the shorthostname is in
front of the FQDN).
Markus
"Jesper Angelo" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTE
Additional info:
Local login works using pam_unix...
Even if I put pam_unix to be optional (ie all passwords are accepted)
it works - except if I put in the right password from the AD.
So its something with the kerberos process in pam_krb5...
j-
___
On 2006-08-10 15:41:52 +0200, "Jesper Angelo" <[EMAIL PROTECTED]> said:
> I have trimmed down the configs heavily, so now I still can't login,
> but at least I get a login incorrect. Lets see...
>
>> Clear the auth log and login as I said /locally/ with a /pure/ /local/
>> user. See what happens
11 matches
Mail list logo
