CentOS 5 :: Unable To Do Kerberos Login?
Mar 10, 2009
I have an NIS server that is working well, and I want to use Kerberos to improve the overall security.I have already installed Kerberos client and server on two machines respectively.Currently the NIS server, Kerberos server, and KDC are running on the same box, and every box is in the same private network.I am having trouble logging in using the user account defined in Kerberos database. Here's /etc/krb5.conf on the client side:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
[code].....
View 1 Replies
ADVERTISEMENT
Mar 24, 2011
Following the instructions listed here:[URL].. I have a machine set up to use Kerberos authentication for logins. The problem is, logins are now incredibly slow and any user from the AD fails to log in.Here's the output from the server in debug mode:
[Code]...
What I want to do is use a Windows AD with the UNIX extensions to control user logins on CentOS 5.5 servers. Previously I've used OpenLDAP and AD, but that was still two separate auth methods and I just want one.
View 5 Replies
View Related
Oct 20, 2010
I'm setting up kerberos and I can't login with kadmin but I am getting tickets with kinit, my princs are valid, and my dns resolves with dig/ping, am I missing something?:
kadmin:
Code:
home-plug:/home/steven# kadmin
Authenticating as principal root/admin@SOUR-LAN.LOCAL with password.
Password for root/admin@SOUR-LAN.LOCAL:
kadmin: GSS-API (or Kerberos) error while initializing kadmin interface
auth.log
Code:
Oct 20 22:18:13 home-plug kadmind[8935]: Seeding random number generator
Oct 20 22:18:20 home-plug krb5kdc[8778]: Interrupted system call - while selecting for network input(1)
Oct 20 22:18:20 home-plug krb5kdc[8778]: shutting down
Oct 20 22:18:20 home-plug krb5kdc[8939]: setting up network .....
View 1 Replies
View Related
May 13, 2011
I'm trying to login to a server using gssapi-with-mic authentication against one of my school's machines that supports this mode of authentication. I have these kerberos packages installed:
batrick@menzoberranzan:~$ dpkg -l | grep krb
ii krb5-config 2.2 Configuration files for Kerberos Version 5
[code]....
View 1 Replies
View Related
Aug 9, 2010
I'd like to know if network-manager applet could be run on gdm login menu. Cause i would like to get connected on my network to reach kerberos serveur to login. nm-applet on gdm
View 5 Replies
View Related
Jul 27, 2011
I am interested learning about networks in Linux and prefer to use Ubuntu. I hope the title is reflects what I really need to know. If not sorry about that.I have an requirement, it is to have a server to handle authenticaition of users so generally users can use that server to use specific services such as login (to linux), mail (postfix) and perhaps a file server (to hold user data, lets say what we have on /home/[username])I did some reading, and it looks like I will need LDAP and Kerberos. But I couldn't get a good understanding on how to practically deploy such a service.I would be obliged if some you guys can give me some guidelines on how to achieve my goal. Topics I need to read, books I could refer would be a plus.To tell you some thing about me, I am not a *NIX guy, my knowledge is kinda just above basic.
View 1 Replies
View Related
Feb 19, 2010
I am trying to deploy Kerberos and LDAP so users will be able to login in to a server on the edge of the LAN, and afterwards be able to establish a SSH connection to all the computers in that LAN without the need to type any passwords, and without the need for me to manage SSH keys [beside the SSH keys on the login server] and local user accounts.
1. When i create the users in OpenLDAP i use a template that i created by reading documentation from the Internet. In the template one piece of information that is neede is the UID. Is there any clever way the keep track of the numbers so i do not assign the same UID to two users, besides using a pen and paper?
2. For the users to be able to establish SSH connections between the computers, the host is going to be added to the keytab like this: ktadd host/client.example.com Is is possible to replace client with something genric so i do not need to mange these keytab files between the hosts?
3. Users will be logging on the the server on the edge of LAN by using SSH keys. How can i configure the setup so the users will recieve a ticket automatically when the logon without executing kinit and without entering a password, just by having a valid SSH key?
4. krb5kdc is running on all the network interfaces in the server i want it to only run on eth1, how can this be done?
View 2 Replies
View Related
Apr 15, 2009
I've configured kerberos authentication on my centos 5.2 box. When I kinit with a username in AD and not on the centos box, I get a TGT. However, I cannot log into the centos box as any of the AD users. This is probably a stupid question but do I also need to create the account's on the centos box that I have in AD? If so, does that mean i can then use pam to authenticate users on my cyrus imap process running on the centos box?
View 2 Replies
View Related
Feb 25, 2011
I have the following version of centos,kerbose and samba (Samba version 3.0.33-3.29.el5_5.1, krb5-libs-1.6.1-36.el5_5.5 , krb5-workstation-1.6.1-36.el5_5.5 , centos-release-5-5.el5.centos) i have configured it and qhw i givit give me the following error Failed to set password for machine account NT_STATUS_ACCESS_DENIED) Failed to join domain: Access denied
[Code]...
View 10 Replies
View Related
May 14, 2011
One of my colleagues was working on my system (Centos 5.6). He deleted some files from the /tmp directory (he thought he was cleaning up files). Right after that, he rebooted the system. I now can no longer login.
Prior to this, here's what I see following a reboot code...
no matter what I use, I cannot login -- it takes me back to the (none) login: prompt
Any ideas? I know that deleting from the /tmp directory could lead to catastrophic results, but he thinks he only deleted a specific set of files.
View 1 Replies
View Related
Apr 23, 2011
we're running an Ubuntu 10.04 LTS network on our company, authenticating against an Openldap/heimdal-kerberos server.Previously, the clients were authenticating against a Windows 2003 Domain without any problems.After modifying the krb.conf, ldap.conf, nsswitch.conf and nscd.conf files to authenticate the machines against the openldap/heimdal setup, we started experiencing strange problems.
One issue is, for example, the polkit-agent-gnome not starting. This component integrates policykit into gnome. It looks like the agent is unable to start due to some kind of delay with DBUS. Starting the agent manually keeps giving errors until about 70 seconds after login, when the agent can be started without problems. During the delay it is also impossible, for instance, to open the "shut down" menu on the top right of gnome. You can click on the menu, but nothing appears.Trying to start the polkit-agent manually gives these errors (I'll be attaching detailed errors when at work!):
Code:
DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken
GLIB ERROR ** default - Not enough memory to set up DBusConnection for use with GLib It really looks like DBus or something related to it is starting "too late" but I can't seem to find the reason. I'm pretty sure this has to do with some timings or whatever in the krb/ldap config files...
View 3 Replies
View Related
May 18, 2010
I had a working client installation with CentOS 5.4, using kerberos and PAM to authenticate. After an upgrade to 5.5, logins for users are no longer possible. Instead I get this:
/var/log/messages: gdm: Couldn't set acct. mgmt for <user> /var/log/secure: gdm: pam_krb5: authentication fails for '<user>': (<user@domain>): Authentication failure (Cannot read password) gdm: pam_krb5: account checks fail for '<user>': unknown reason -1765328254 (Cannot read password) gdm: pam:krb5: User not known to the underlying authentication module (Client not found in Kerberos database) "kinit <user>" still works as expected, and <user> has no problems logging in from other types of clients. Something kerberos-related apparently broke in CentOS 5.5,
View 2 Replies
View Related
May 23, 2009
Everything was fine yesterday, but today, the situation is the following:
When I try to login as root, using Gnome, after I enter username and password, it can do three things:
1- It brings me back to the GUI login screen again
2- Brings me to the prompt login screen (black)
3- It lets me in but I have no top or bottom navigation bars. (Sorry, cannot remember the actual names...) Sometimes I have access to a console screen, which allows me to reboot, and sometimes not, in which case I have to do a cold reboot. Not good.
The last attempt I made, I used the KDE interface and everything was fine.
I really don't understand what happened between yesterday and today, nobody but me uses this system at home and remote logins for root are disabled.
The systems is CentOS 5.3 with SELinux enforced.
View 1 Replies
View Related
Feb 25, 2011
I had successfully installed centOS,i am able to login as root.I created local users.But unable to login via console and FTP.As per the logs there were some LDAP issue,so i disabled LDAP and disabled PAM config as well.Now i am able to login to the FTP with the local users created.unable to login to the centOS console with the local user.
View 2 Replies
View Related
Aug 2, 2009
am running centos5.3 on a virtual machine and was trying to do some basic hardening and part of it i had to modify the pam.d/system-auth file and from then i am getting a fatal error whenever i try to connect via ssh using putty i am not at all able to login the server with any of the accounts even root also.I am scared unknowingly did i lock the system???how to resolve this issue?
View 3 Replies
View Related
Apr 5, 2010
I'm trying to learn Kerberos and I'm doing so by following O'Reillys book. Kind of turn-off when things are not functioning properly when one follows instruction. It fails basically at the very beginning - creation of a new realm, when I execute the command:
kdb5_util create -s
I get the error message:
Quote:(null) Improper format of Kerberos configuration file while initializing Kerberos code I'm not finding anything in any log. My configuration files (followed by the book, but tweaked to my environment):
Code:
[Code]...
View 1 Replies
View Related
Oct 10, 2010
I recently powered up my netbook... Selected my user log in, entered my password, and after a couple seconds I briefly see what looks to be the console and am returned to the login splash screen... I can Ctrl+Alt+F2 to get to the console and log in... but that is as far as I can get. This is the case for Gnome, Remix, and Remix 2D.
I can sudo apt-get (update, upgrade, etc) as well. It is the right password because if I type in a wrong one it presents an authentication failure dialog box.
How can I fix my log in screen and get to my desktop? I am Currently running 10.04.... waiting to get 10.10
View 1 Replies
View Related
Mar 13, 2009
I am not able to login to server from console attached to server, every time i enter username & password but it again asks for username & password. But when i try to login to server from remote machine, login happens properly.
View 4 Replies
View Related
Mar 15, 2010
System was fine with :Ubuntu 9.04 (had also installed kde )then....I wanted to try some change to gdm so i downloaded gdm while building it , it asked "PAM" libraries to be installed so i installed PAM ... but ignored the instruction to reinstall SHADOW (library i guess..),Now :on booting system i get login menu but i am not able to login , it says some critical error occured
1) install new copy of UBUNTU and remove old
ps :1) i can log into system through live cd
2) i can use recovery mode boot and log into terminal as root(startx is not working from this terminal..
View 9 Replies
View Related
Sep 30, 2015
I have an iMac G4 that I installed Jessie on successfully. However, when it boots, one of the last messages is:
[FAILED] Failed to start Load Kernel Modules.
Last line is something along the lines of:
fb: switching to nouveaufb from OFfb NVDA,NVMac
And then the text starts dissolving, and the entire screen cycles through different colors. I presume it is sitting at the graphical login prompt but it's not displaying correctly.
Based on some Google searches, it seems like I should be able to resolve this by editing /etc/modules but I can't get to that point. I have tried to get to a terminal using ctrl-alt-F1 through ctrl-alt-F12. No luck. I tried different yaboot options that were supposed to avoid using the video driver. No luck. How do I get the machine to boot straight to a regular text login instead of the X one?
This machine worked fine running Mac OS X this morning, so I don't think it's the hardware. What I can do.
View 10 Replies
View Related
Apr 21, 2010
I am using rhel 5.3. I am using windows 2003 server 32-bit (the processor is 64 bit. AMD athlon x2). I have installed vmware and installed rhel5.3 64 bit on top of it. Now i am able to login as root from GUI mode (f7 console), but unable to login in text console from f1 to f6. I checked the /etc/securetty. But there was nothing unusual there. I think udev is causing this problem, since google said so. I cant find where the udev.rules file is located that google searches are taking about. How do i enable root login in f1-6 console.
View 4 Replies
View Related
Feb 3, 2011
I installed VSFTPD but when logging ( at command line or browser ) at any user always :
[root@srv vsftpd]# ftp 172.16.0.3
Connected to 172.16.0.3.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (172.16.0.3:root): system
[Code]...
View 4 Replies
View Related
Jun 27, 2011
I have Debian 4.0 installed and I want to set up Kerberos. If anybody knows how to set up.
View 2 Replies
View Related
Sep 7, 2009
I am using centos 5.2 with kernal version "kernel-2.6.18-92.el5" i cant play mp3 songs in any of the players provided..can u help me in installing "vlc" or any other versatile player..thnx in advance.
output of "yum list *videolan*"
yum list *videolan*
Error: No matching Packages to list
View 7 Replies
View Related
Nov 6, 2010
I have an i5 Thinkpad running Windows 7 64-bit. VT is enabled in the BIOS. I have installed vmware server v 2.0.2 but am unable to install Centos 5.5 x86_64 as a guest OS. The steps that I followed are as follows:1. Created a new VM, specifying RHEL 5 64-bit as the intended guest OS (per vmware documentation - Centos is not available as a selection2. Downloaded all 8 iso files for Centos v5.5 64-bit3. Modified the CD/DVD drive to 'connect at power' and use an iso with the path pointing to the x86_64 iso 1 of 8When I power up the VM, the console window displays 'ISOLINUX 3.11 2005-09-02 Copyright (C) 1994-2005 H. Peter Anvin' and nothing else. The installation splash screen never appears. As a test, I downloaded the first of 7 iso files for the 32-bit version of Centos 5.5 and pointed the CD/DVD drive to that iso. In that case, the installation starts as expected. I would really like to get the 64-bit version installed and running.
View 3 Replies
View Related
May 30, 2011
i am not able to port 8080 on my CentOS VPS server.I have followed all the instuctions as mentioned on iptables wiki page.Also I am able to telnet my ip address and port number, But can not access from browser.
View 6 Replies
View Related
Aug 8, 2011
I have two Centos 5 servers one running Asterisk with PHP installed and another sever running as a MySql Database server, at the moment when I try run simple script to see if I can connect to the remote server I get the following error.Quote:Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
View 2 Replies
View Related
Aug 3, 2010
I've my RHEL4u4 integrated with Active Directory.
I can logon to computer with username/passwd from AD.
But if I try to use ssh, is doesn't work
When I try to connect to the same computer using kerberos I receive this messages:
ssh -vv server.domain.com
....
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
[Code]....
and it tries to use publickey and finally, user/pass.
What do I've have do for using ssh and kerberos? I use samba for joining computer to AD. I tried it in ubuntu 8.04 and likewise-open and it works, but not in RH-Samba.
View 10 Replies
View Related
Jun 15, 2011
I am looking for some links to configure kerberos authentication for ssh.I did tried google-ing it, but could not found any good link to go ahead with it.
View 1 Replies
View Related
Jun 4, 2009
So far, I've been able to get my Box (Centos 5.3) authenticate users through LDAP. My next plan was to automount their home directory from our NAS device.But I'm struggling getting autofs talking to the LDAP Server.My Config Files:
/etc/ldap.conf
[root@tmplt_CentOS-5 ~]# egrep -v '^#|^$?' /etc/ldap.conf
base ou=intern,o=zde,dc=simiangroup,dc=com
[code]....
View 2 Replies
View Related