Update: Problems authenticating users via AD with Kerberos on Solaris 9

From: Smith, William E. (Bill), Jr. (Bill.Smith_at_jhuapl.edu)
Date: 08/22/05

    Date: Mon, 22 Aug 2005 10:07:32 -0400
    To: <sunmanagers@sunmanagers.org>
    
    

    At this time, the problem is still not resolved. I received a few
    responses suggesting I check the clock between the server and domain
    controllers. As far as I can tell, everything looks fine there.
    Another response indicated that if a user is in too many groups, the
    Windows KDC requests that the client use TCP rather than UDP for the
    ticket. However, since MIT does not implement TCP, the request fails.
    There may be a registry key to set on the Windows side that controls how
    large the packet can be before TCP is used. So far, I haven't been able
    to find any reference to said key. If someone knows anything about this
    key or can provide any further insight, it would be much appreciated.
    For reference purposes, I am getting the following error when trying to
    run kinit using my Active Directory username/password, which is where
    the UDP vs TCP issue comes into play.

    kinit: KRB5 error code 52 while getting initial credentials

    - Bill

    -----Original Message-----
    From: sunmanagers-bounces@sunmanagers.org
    [mailto:sunmanagers-bounces@sunmanagers.org] On Behalf Of Smith, William
    E. (Bill), Jr.
    Sent: Wednesday, August 17, 2005 9:37 AM
    To: sunmanagers@sunmanagers.org
    Subject: Problems authenticating users via AD with Kerberos on Solaris 9

    We have a Solaris 9 server that we configured to authenticate users via
    Active Directory using Kerberos. Things worked when we first set things
    up but recently for whatever reason(s), Kerberos authentication does not
    seem to work as I continue to get failed login attempts every time I or
    other users use their AD password. I've been trying to figure out
    what's going on for days to no avail so posting here hoping someone can
    shed some light. Here's a snippet of the pam.conf. The uncommented
    entries are the only ones uncommented in the file. Any other reference
    to pam_krb5.so.1 is commented out.

    # Default definitions for Authentication management
    # Used when service name is not explicitly mentioned for authentication
    #
    #other auth requisite pam_authtok_get.so.1
    #other auth required pam_dhkeys.so.1
    other auth sufficient pam_krb5.so.1
    other auth required pam_unix_auth.so.1

    Nothing has changed with regard to the Kerberos configuration (as far as
    I know and can tell) but something is obviously amiss.

    Any insight or suggestions here would be appreciated.

    Bill Smith
    <mailto:bill.smith@jhuapl.edu>
    ISS Server Systems Group
    Johns Hopkins University Applied Physics Laboratory
    11100 Johns Hopkins Road
    Laurel, MD 20723
    Phone: 443-778-5523
    Web: http://www.jhuapl.edu
    _______________________________________________
    sunmanagers mailing list
    sunmanagers@sunmanagers.org
    http://www.sunmanagers.org/mailman/listinfo/sunmanagers
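As an added illustration (not part of Bill's post, and not MIT Kerberos code), the Python below sketches the client-side behaviour the UDP-versus-TCP discussion refers to: a KDC whose reply will not fit in a UDP datagram answers with a KRB-ERROR carrying error-code 52 (KRB_ERR_RESPONSE_TOO_BIG), and a client that implements RFC 4120 section 7.2.2 resends the same request over TCP with a 4-byte length prefix, while a client without TCP support can only report the error, which is what the kinit output above shows. The KRB-ERROR bytes are constructed inline, and the function names are my own.

```python
import struct

KRB_ERR_RESPONSE_TOO_BIG = 52   # KDC reply too large for a UDP datagram (RFC 4120 7.5.9)
KRB_AP_ERR_SKEW = 37            # clock skew between client and KDC

def _der_tlv(data, pos):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def krb_error_code(msg):
    """Return the error-code of a DER KRB-ERROR ([APPLICATION 30]), else None."""
    tag, body, _ = _der_tlv(msg, 0)
    if tag != 0x7E:                         # not a KRB-ERROR (e.g. a real AS-REP)
        return None
    tag, seq, _ = _der_tlv(body, 0)
    if tag != 0x30:                         # KRB-ERROR body is a SEQUENCE
        return None
    pos = 0
    while pos < len(seq):
        tag, field, pos = _der_tlv(seq, pos)
        if tag == 0xA6:                     # [6] error-code INTEGER
            _, val, _ = _der_tlv(field, 0)
            return int.from_bytes(val, "big", signed=True)
    return None

def next_step_after_udp(reply):
    """What a client should do with a KDC reply received over UDP."""
    code = krb_error_code(reply)
    if code is None:
        return "done"                       # an AS-REP/TGS-REP, not an error
    if code == KRB_ERR_RESPONSE_TOO_BIG:
        return "retry-tcp"                  # RFC 4120 7.2.2: resend the same request over TCP
    if code == KRB_AP_ERR_SKEW:
        return "check-clock"                # the clock-skew case other responders asked about
    return "fail"

def tcp_frame(kdc_req):
    # TCP framing: 4-byte big-endian length with the high bit clear, then the request
    return struct.pack(">I", len(kdc_req) & 0x7FFFFFFF) + kdc_req

def build_krb_error(code):
    """Constructed test input: a minimal KRB-ERROR with pvno, msg-type and error-code."""
    tlv = lambda tag, val: bytes([tag, len(val)]) + val
    fields = tlv(0xA0, tlv(0x02, b"\x05"))          # pvno [0] = 5
    fields += tlv(0xA1, tlv(0x02, b"\x1e"))         # msg-type [1] = 30 (KRB-ERROR)
    fields += tlv(0xA6, tlv(0x02, bytes([code])))   # error-code [6], code < 128
    return tlv(0x7E, tlv(0x30, fields))
```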

