Jump to content

Kerberos 5 (сыплет ошибками ни как не могу настроить)


Recommended Posts

Вроде-бы настроил как написано в доке, самая простая настройка. При старте Kerberos выдает ошибку инициализации и пишет в лог вот эту фразу -- krb5kdc: Cannot find/read stored master key - while fetching master key K/M for realm ZP

Подскажите где искать ошибочку.

krb5.conf:

[logging]

default = FILE:/var/log/krb5libs.log

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmind.log

[libdefaults]

ticket_lifetime = 24000

default_realm = ZP

dns_lookup_realm = false

dns_lookup_kdc = false

[realms]

ZP = {

kdc = ser1:88

admin_server = ser1:749

default_domain = zp

}

[domain_realm]

.zp = ZP

zp = ZP

Link to post
Share on other sites

Вот по твоему вопросу

http://mailman.mit.edu/pipermail/kerberos/2004-July/005741.h tml

http://www.afp548.com/forum/viewtopic.php?forum=39&showt opic=2496

#

On the new slave, create a stash file by using kdb5_util.

kdc3 # /usr/sbin/kdb5_util stash

kdb5_util: Cannot find/read stored master key while reading master key

kdb5_util: Warning: proceeding without master key

Enter KDC database master key: <type the key>

http://www.lns.cornell.edu/public/COMP/krb5/krb5-install/Cre ate-Stash-Files-on-the-Slave-KDCs.html

Link to post
Share on other sites

А взять словарь тяжело - либо поискать в гугле.

4.7 Creating a Stash File

A stash file allows a KDC to authenticate itself to the database utilities, such as kadmin, kadmind, krb5kdc, and kdb5_util.

To create a stash file, use the kdb5_util stash command. The syntax is:

kdb5_util stash [-f keyfile]

For example:

shell% kdb5_util stash

kdb5_util: Cannot find/read stored master key while reading master key

kdb5_util: Warning: proceeding without master key

Enter KDC database master key: <= Type the KDC database master password.

shell%

If you do not specify a stash file, kdb5_util will stash the key in the file specified in your kdc.conf file.

4.8 Creating and Destroying a Kerberos Database

If you need to create a new Kerberos database, use the kdb5_util create command. The syntax is:

kdb5_util create [-s]

If you specify the `-s' option, kdb5_util will stash a copy of the master key in a stash file. (See Creating a Stash File.) For example:

shell% /usr/local/sbin/kdb5_util -r ATHENA.MIT.EDU create -s

kdb5_util: No such file or directory while setting active database to

=> '/usr/local/var/krb5kdc/principal'

Initializing database '/usr/local/var/krb5kdc/principal' for

=> realm 'ATHENA.MIT.EDU',

master key name 'K/M@ATHENA.MIT.EDU'

You will be prompted for the database Master Password.

It is important that you NOT FORGET this password.

Enter KDC database master key: <= Type the master password.

Re-enter KDC database master key to verify: <= Type it again.

shell%

http://unix.lsa.umich.edu/docs/mit-kerberos/admin_5.html

Link to post
Share on other sites

Kerberos удалось настроить. Удалось зарегистрироватся в ADS на сервере. Вот только не получается подключить пользователей через самбу.

wbinfo -u выдает ошибку

Error looking up domain users

Уже все перекопал. Не найду в чем причина.

Везде пишут про какую-то комманду kinit но она у меня тоже не срабатвает. Пишет - kinit(v5): Client not found in Kerberos database while getting initial credentials

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...