[Samba] kerberos database principal problem

Terry td3201 at gmail.com
Tue Sep 8 16:48:11 MDT 2009


On Tue, Sep 8, 2009 at 4:50 PM, Terry<td3201 at gmail.com> wrote:
> Hello,
>
> I am using Kerberos to authenticate Apache users.  This works fine for
> one URL, but it doesn't for another.
>
> I can get into the application authenticating at the URL
> omajelut01.sec.jel.lc, but not with monitoring.foobar.com.  Here is my
> klist:
>
> [root at omajelut01 etc]# klist -k
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
>   4 host/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 host/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 host/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 host/omajelut01 at SEC.JEL.LC
>   4 host/omajelut01 at SEC.JEL.LC
>   4 host/omajelut01 at SEC.JEL.LC
>   4 OMAJELUT01$@SEC.JEL.LC
>   4 OMAJELUT01$@SEC.JEL.LC
>   4 OMAJELUT01$@SEC.JEL.LC
>   4 HTTP/monitoring.foobar.com/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 HTTP/monitoring.foobar.com/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 HTTP/monitoring.foobar.com/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 HTTP/jmonitoring.foobar.com/omajelut01 at SEC.JEL.LC
>   4 HTTP/monitoring.jelecos.com/omajelut01 at SEC.JEL.LC
>   4 HTTP/monitoring.jelecos.com/omajelut01 at SEC.JEL.LC
>   4 HTTP/omajelut01.sec.jel.lc/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 HTTP/omajelut01.sec.jel.lc/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 HTTP/omajelut01.sec.jel.lc/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 HTTP/omajelut01.sec.jel.lc/omajelut01 at SEC.JEL.LC
>   4 HTTP/omajelut01.sec.jel.lc/omajelut01 at SEC.JEL.LC
>   4 HTTP/omajelut01.sec.jel.lc/omajelut01 at SEC.JEL.LC
>   4 HTTP/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 HTTP/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 HTTP/omajelut01.sec.jel.lc at SEC.JEL.LC
>   4 HTTP/omajelut01 at SEC.JEL.LC
>   4 HTTP/omajelut01 at SEC.JEL.LC
>   4 HTTP/omajelut01 at SEC.JEL.LC
>
> I am very new to this so I appreciate any help.
>

I figured this out.  It was working from a Kerberos perspective.  I
had a frontend reverse proxy Apache server that was sending users to
the wrong backend URL.  :(

