[Samba] Linux client of the domain - SSSD : authenticating via Kerberos
Rowland Penny
rowlandpenny at googlemail.com
Fri Dec 20 09:19:21 MST 2013
On 20/12/13 16:08, Cyril wrote:
> Le 20/12/2013 16:59, Rowland Penny a écrit :
>> On 20/12/13 14:00, steve wrote:
>>> On Fri, 2013-12-20 at 14:40 +0100, Cyril wrote:
>>>> Le 20/12/2013 14:19, steve a écrit :
>>>>> On Fri, 2013-12-20 at 10:37 +0100, Cyril wrote:
>>>>>
>>>>>> kinit myserver$@SUBDOMAIN.DOMAIN.FR
>>>>>> It also ask me a password but the admin's one doesn't work.
>>>>>>
>>>>> Eh? You don't need a password. You already have the key!
>>>>> kinit -k -t /etc/krb5.sssd.keytab myserver$
>>>>>
>>>>> Could you post the output of that command?
>>>>>
>>>> That give me nothing. No error, no warning.
>>>> It didn't ask me anypassword
>>>>
>>> OK. So it worked.
>>>>>> Am-I suppose to create this principal myserver$@SUBDOMAIN.DOMAIN.FR
>>>>>> first before generating the keytab on the DC ?
>>>>>>
>>>>> You already have the principal. It was created when you joined the
>>>>> machine to the domain.
>>>> Ho, you mean joining the myserver machine !
>>>>
>>> No, I'm sorry. The post crossed. I now know that the machine is not
>>> joined to the domain using samba. You do somehow however, have a key
>>> for
>>> the machine.
>>>
>>> And, from your other posts, your domain users can now authenticate on
>>> the Linux client.
>>>
>>> Cheers,
>>> Steve
>>>
>>>
>> OK, seeing as how it is Christmas, here is how to get libpam-pwquality
>> on Ubuntu precise, using the packages from Saucy ;-)
>>
>> x86:
>> wget
>> http://fr.archive.ubuntu.com/ubuntu/pool/universe/libp/libpwquality/libpam-pwquality_1.2.3-1_i386.deb
>>
>>
>> wget
>> http://fr.archive.ubuntu.com/ubuntu/pool/main/libp/libpwquality/libpwquality1_1.2.3-1_i386.deb
>>
>>
>> wget
>> http://fr.archive.ubuntu.com/ubuntu/pool/main/libp/libpwquality/libpwquality-common_1.2.3-1_all.deb
>>
>>
>>
>> sudo dpkg -i libpwquality-common_1.2.3-1_all.deb
>> sudo apt-get install libcrack2
>> sudo dpkg -i libpwquality1_1.2.3-1_i386.deb
>> sudo dpkg -i libpam-pwquality_1.2.3-1_i386.deb
>>
>> x86_64:
>> wget
>> http://fr.archive.ubuntu.com/ubuntu/pool/universe/libp/libpwquality/libpam-pwquality_1.2.3-1_amd64.deb
>>
>>
>> wget
>> http://fr.archive.ubuntu.com/ubuntu/pool/main/libp/libpwquality/libpwquality1_1.2.3-1_amd64.deb
>>
>>
>> wget
>> http://fr.archive.ubuntu.com/ubuntu/pool/main/libp/libpwquality/libpwquality-common_1.2.3-1_all.deb
>>
>>
>>
>> sudo dpkg -i libpwquality-common_1.2.3-1_all.deb
>> sudo apt-get install libcrack2
>> sudo dpkg -i libpwquality1_1.2.3-1_amd64.deb
>> sudo dpkg -i libpam-pwquality_1.2.3-1_amd64.deb
>>
>> and there you go!
>>
>> Rowland
>
> I already had a try and I have the same error when I use ubuntu 13.10 :
>
> lightdm: pam_sss(lightdm:auth): authentication failure; logname= uid=0
> euid=0 tty=:1 ruser= rhost= user=Myuser
> lightdm: pam_sss(lightdm:auth): received for user Myuser: 9
> (Authentication service cannot retrieve authentication info)
> in the auth.log file.
>
> getent passwd works but not the authtication.
>
> I suppose there's still something wrong with the sssd.conf file.
>
> Cyril
>
OK, do you have libpam-krb5 installed ? on my laptop (running Linux Mint
15) I find this in auth.log:
mdm[1843]: pam_krb5(mdm:auth): user rowland authenticated as
rowland at HOME.LAN
Rowland
More information about the samba
mailing list