Help-me, My new erros, i dont have any idea now. What is problem.
Erros: [Wed May 10 16:44:38.642059 2017] [auth_kerb:error] [pid 13249] [client 10.251.14.140:47141] failed to verify krb5 credentials: Server not found in Kerberos database, referer: http://10.1.1.76/ ####################################################### /etc/krb5.conf [libdefaults] default_realm = REDE.COM.BR dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false default_ccache_name = KEYRING:persistent:%{uid} [realms] REDE.COM.BR = { kdc = REDE.COM.BR admin_server = REDE.COM.BR } [domain_realm] .rede.com.br=REDE.COM.BR rede.com.br=REDE.COM.BR ###################################################### klist -k /etc/httpd/conf.d/krb5.keytab Keytab name: FILE:/etc/httpd/conf.d/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 14 host/delorean2.rede.com...@rede.com.br 14 host/delorean2.rede.com...@rede.com.br 14 host/delorean2.rede.com...@rede.com.br 14 host/delorean2.rede.com...@rede.com.br 14 host/delorean2.rrede.com...@rede.com.br 14 host/delore...@rede.com.br 14 host/delore...@rede.com.br 14 host/delore...@rede.com.br 14 host/delore...@rede.com.br 14 host/delore...@rede.com.br 14 DELOREAN2$@REDE.COM.BR 14 DELOREAN2$@REDE.COM.BR 14 DELOREAN2$@REDE.COM.BR 14 DELOREAN2$@REDE.COM.BR 14 DELOREAN2$@REDE.COM.BR ######################################################## cat /etc/httpd/conf.d/proxy.conf <VirtualHost *:80> ProxyPreserveHost Off ProxyPass / http://localhost:631/ ProxyPassReverse / http://localhost:631/ <Location /> AuthName "Login" AuthType Kerberos KrbMethodNegotiate on KrbMethodK5Passwd on KrbAuthRealms REDE.COM.BR Krb5Keytab /etc/httpd/conf.d/krb5.keytab KrbLocalUserMapping on Require valid-user AuthLDAPUrl ldap:// rede.com.br/ou=usuarios,dc=rede,dc=com,dc=br?sAMAccountName AuthLDAPBindDN cn=UsrLDAP,cn=Users,dc=rede,dc=com,dc=br AuthLDAPBindPassword XXXXXX LDAPReferrals Off </Location> 2017-05-09 9:53 GMT-03:00 Luiz Guilherme Nunes Fernandes < narutospi...@gmail.com>: > Well, i try my first test and work, if i authentic with Ldap protocols > without kerberos work, but i try add kerberos, show erros messages in log. > Any idea? > > No errors in apachectl configtest > > > ############################################### > cat /etc/krb5.conf > > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm = REDE.COM.BR > dns_lookup_realm = false > dns_lookup_kdc = true > dns_lookup_realm = false > ticket_lifetime = 24h > renew_lifetime = 7d > forwardable = true > rdns = false > default_ccache_name = KEYRING:persistent:%{uid} > > [realms] > REDE.COM.BR = { > kdc = REDE.COM.BR > admin_server = REDE.COM.BR > } > > [domain_realm] > .rede.com.br=REDE.COM.BR > rede.com.br=REDE.COM.BR > > ############################################### > > kinit root > Password for r...@rede.com.br: > > klist > Ticket cache: KEYRING:persistent:0:0 > Default principal: r...@rede.com.br > > Valid starting Expires Service principal > 05/09/2017 09:45:36 05/09/2017 19:45:36 krbtgt/rede.com...@rede.com.br > renew until 05/16/2017 09:45:34 > > ############################################### > cat /etc/httpd/conf.d/proxy.conf > <VirtualHost *:80> > ProxyPreserveHost Off > ProxyPass / http://localhost:631/ > ProxyPassReverse / http://localhost:631/ > > > LogLevel debug > > <Location /> > > AuthType Kerberos > KrbMethodNegotiate On > AuthName "REDE.COM.BR Domain Login" > KrbMethodK5Passwd On > KrbAuthRealms REDE.COM.BR > Krb5KeyTab /etc/httpd/conf.d/httpd.keytab > KrbLocalUserMapping on > require valid-user > > # AuthName "Informe usuario da rede" > # AuthType Basic > # AuthBasicProvider ldap > AuthLDAPUrl ldap://rede.com.br/ou=usuarios,dc=rede,dc=com,dc=br? > sAMAccountName > AuthLDAPBindDN cn=users,dc=rede,dc=com,dc=br > AuthLDAPBindPassword XXXXXX > Require valid-user > LDAPReferrals Off > </Location> > #</Directory> > > </VirtualHost> > > > ############################################### > > [root@delorean1 conf.d]# tail -f /var/log/httpd/error_log > [Mon May 08 17:48:42.320886 2017] [auth_kerb:error] [pid 19879] [client > 10.251.14.140:55636] failed to verify krb5 credentials: Server not found > in Kerberos database, referer: http://10.1.1.75/ > [Mon May 08 17:48:42.320898 2017] [auth_kerb:debug] [pid 19879] > src/mod_auth_kerb.c(1127): [client 10.251.14.140:55636] > kerb_authenticate_user_krb5pwd ret=401 user=(NULL) authtype=(NULL), > referer: http://10.1.1.75/ > [Mon May 08 17:48:55.301656 2017] [authz_core:debug] [pid 19881] > mod_authz_core.c(809): [client 10.251.14.140:55638] AH01626: > authorization result of Require valid-user : denied (no authenticated user > yet), referer: http://10.1.1.75/ > [Mon May 08 17:48:55.301702 2017] [authz_core:debug] [pid 19881] > mod_authz_core.c(809): [client 10.251.14.140:55638] AH01626: > authorization result of Require valid-user : denied (no authenticated user > yet), referer: http://10.1.1.75/ > [Mon May 08 17:48:55.301710 2017] [authz_core:debug] [pid 19881] > mod_authz_core.c(809): [client 10.251.14.140:55638] AH01626: > authorization result of <RequireAny>: denied (no authenticated user yet), > referer: http://10.1.1.75/ > [Mon May 08 17:48:55.301736 2017] [auth_kerb:debug] [pid 19881] > src/mod_auth_kerb.c(1954): [client 10.251.14.140:55638] > kerb_authenticate_user entered with user (NULL) and auth_type Kerberos, > referer: http://10.1.1.75/ > [Mon May 08 17:48:55.302037 2017] [auth_kerb:debug] [pid 19881] > src/mod_auth_kerb.c(1048): [client 10.251.14.140:55638] Using > HTTP/10.1.1.75@ as server principal for password verification, referer: > http://10.1.1.75/ > [Mon May 08 17:48:55.302062 2017] [auth_kerb:debug] [pid 19881] > src/mod_auth_kerb.c(752): [client 10.251.14.140:55638] Trying to get TGT > for user rede.com.brr...@rede.com.br, referer: http://10.1.1.75/ > [Mon May 08 17:48:55.306313 2017] [auth_kerb:error] [pid 19881] [client > 10.251.14.140:55638] krb5_get_init_creds_password() failed: Client not > found in Kerberos database, referer: http://10.1.1.75/ > [Mon May 08 17:48:55.306348 2017] [auth_kerb:debug] [pid 19881] > src/mod_auth_kerb.c(1127): [client 10.251.14.140:55638] > kerb_authenticate_user_krb5pwd ret=401 user=(NULL) authtype=(NULL), > referer: http://10.1.1.75/ > -- > <<<<<<<<<<<<<<<<<<<----------------------------------------- > -------------------------->>>>>>>>>>>>>>>>>>> > > < Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao > Pai, senão por mim > > (João 14:6) > > Att. > ♪ ♫ Luiz Guilherme Nunes > Fernandes ♫ ♪ > > <<<<<<<<<<<<<<<<<<<----------------------------------------- > -------------------------->>>>>>>>>>>>>>>>>>> > -- <<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>> < Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao Pai, senão por mim > (João 14:6) Att. ♪ ♫ Luiz Guilherme Nunes Fernandes ♫ ♪ <<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>