Has anyone set up CentOS to authenticate to Active Directory? I've found multiple articles for different distributions on how to do it but none of them have worked.
Basically I want to set up the CentOS box and have it "just like" a Windows domain computer where anyone can log on to it without first having a local user created.
Right now I can't even get kinit to work with my local and domain account.
I keep getting an error "KDC reply did not match expectations while getting initial credentials".
Any help would be appreciated.
CentOS authenticating to Active Directory
Re: CentOS authenticating to Active Directory
[b]I have AD integration working pretty well. The error that you specified is because your /etc/krb5.conf is not properly configured.
Here is how my file looks:[/b]
[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    ticket_lifetime = 24000
    default_realm = MY.DOMAIN.COM
    dns_lookup_realm = true
    dns_lookup_kdc = true

[realms]
    SPDUSLISDC01.MY.DOMAIN.COM = {
        kdc = spduslisdc01.my.domain.com:88
        admin_server = spduslisdc01.my.domain.com:749
        default_domain = my.domain.com
    }
    my.domain.com = {
    }
    MY.DOMAIN.COM = {
        kdc = spduslisdc01.my.domain.com
        admin_server = spduslisdc01.my.domain.com
        kdc = spduslisdc01.my.domain.com
    }

[domain_realm]
    my.domain.com = SPDUSLISDC01.MY.DOMAIN.COM
    .my.domain.com = SPDUSLISDC01.MY.DOMAIN.COM
    spduslisdc01.my.domain.com = SPDUSLISDC01.MY.DOMAIN.COM

[kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }
[b]I got this file from some site during my research...so don't ask me to explain its contents. I did not get time to look into it...it works for me and that's good enough for now.[/b]
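A common cause of the "KDC reply did not match expectations" error discussed above is a realm name whose case does not match the upper-case realm Active Directory uses, since Kerberos realm names are case-sensitive. The lint below is an added example, not part of either post; the function names and the EXAMPLE.TEST sample configs are constructed for illustration.

```python
import re
def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: [values] or nested dict}}."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                               # new [section]
            stack = [conf.setdefault(header.group(1), {})]
        elif line == "}" and len(stack) > 1:     # end of a "name = {" block
            stack.pop()
        elif "=" in line and stack:
            key, val = (part.strip() for part in line.split("=", 1))
            if val == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(val)
    return conf

def lint_realms(text):
    """Return findings about realm names that can break kinit against AD."""
    conf = parse_krb5(text)
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    default = lib.get("default_realm", [""])[0]
    targets = [v[0] for v in conf.get("domain_realm", {}).values()]
    findings = []
    for name in dict.fromkeys([default, *realms, *targets]):
        if name and name != name.upper():
            findings.append(f"realm '{name}' is not upper case")
    if lib.get("dns_lookup_kdc", ["true"])[0].lower() in {"false", "no", "0", "off"}:
        for name in dict.fromkeys([default, *targets]):
            if name and not realms.get(name, {}).get("kdc"):
                findings.append(f"realm '{name}' has no kdc and DNS lookup is off")
    return findings

# Constructed sample: lower-case default realm, mixed-case mapping target.
BAD = """[libdefaults]
 default_realm = example.test
 dns_lookup_kdc = false
[realms]
 EXAMPLE.TEST = {
  kdc = dc01.example.test
 }
[domain_realm]
 .example.test = Example.Test
"""
GOOD = BAD.replace("= example.test", "= EXAMPLE.TEST").replace("Example.Test", "EXAMPLE.TEST")
```

Calling `lint_realms(open("/etc/krb5.conf").read())` on a host returns an empty list when every realm name is upper case and every realm in use can locate a KDC.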
I followed this one for winbind and samba.
http://www.redmondmag.com/columns/article.asp?EditorialsID=858
--
Jim