SSSD/Kerberos/LDAP Authentication: Difference between revisions
Line 8: | Line 8: | ||
===Configure Kerberos=== | ===Configure Kerberos=== | ||
#Gather the list of KDCs for the realm. | #Gather the list of KDCs for the realm, the KDCs are bold italic. | ||
##<tt>'''# nslookup -type=SRV _kerberos._tcp.<domain in lowercase>'''</tt> | ##<tt>'''# nslookup -type=SRV _kerberos._tcp.<domain in lowercase>'''</tt> | ||
Output of previous command: | Output of previous command: | ||
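Review bot: The clause added to the "Gather the list of KDCs" step is a comma splice and refers to formatting rather than to the field the reader needs. Name the field instead, for example "Gather the list of KDCs for the realm. The KDC is the hostname at the end of each service = line." The nslookup line under it is shown with a root prompt (#), which an SRV lookup does not need.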
Line 14: | Line 14: | ||
Address: <ip address>#53 | Address: <ip address>#53 | ||
_kerberos._tcp.<domain in lowercase> service = 0 100 88 dc1.<domain in lowercase>. | _kerberos._tcp.<domain in lowercase> service = 0 100 88 '''''dc1.<domain in lowercase>'''''. | ||
_kerberos._tcp.<domain in lowercase> service = 0 100 88 dc2.<domain in lowercase>. | _kerberos._tcp.<domain in lowercase> service = 0 100 88 '''''dc2.<domain in lowercase>'''''. | ||
_kerberos._tcp.<domain in lowercase> service = 0 100 88 dc3.<domain in lowercase>. | _kerberos._tcp.<domain in lowercase> service = 0 100 88 '''''dc3.<domain in lowercase>'''''. | ||
_kerberos._tcp.<domain in lowercase> service = 0 100 88 dc4.<domain in lowercase>. | _kerberos._tcp.<domain in lowercase> service = 0 100 88 '''''dc4.<domain in lowercase>'''''. | ||
</pre> | </pre> | ||
#Create a backup of the /etc/krb5.conf file. | #Create a backup of the /etc/krb5.conf file. | ||
##<tt>'''# cp -p /etc/krb5.conf{,.bak}'''</tt> | ##<tt>'''# cp -p /etc/krb5.conf{,.bak}'''</tt> | ||
##Modify the /etc/krb5.conf file as follows, changes are highlighted in yellow. | ##Modify the /etc/krb5.conf file as follows, changes are highlighted in yellow. |
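Review bot: The ''''' bold-italic markers are added to the four service = lines that sit inside a <pre> block (it closes right after the dc4 line), where wiki markup is not parsed, so the quotes show up literally in the sample output instead of highlighting the hostnames. Drop the markers and identify the KDC field in the step text, or move the sample output to a block form that renders inline markup.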
Revision as of 16:19, 21 July 2016
Install Required Packages
- RHEL6: Install the following packages.
- # yum install sssd krb5-workstation samba-common authconfig oddjob oddjob-mkhomedir openldap-clients ipa-client sssd-common krb5-devel
- RHEL7: Install the following packages.
- # yum install sssd krb5-workstation samba-common authconfig oddjob oddjob-mkhomedir openldap-clients sssd-libwbclient sssd-tools ipa-client sssd-common krb5-devel
- Ubuntu: Install the following packages.
- $ sudo apt-get install krb5-user krb5-config samba sssd ntp nscd libpam-sss libnss-sss sssd-tools sssd-ad libpam-modules
Configure Kerberos
- Gather the list of KDCs for the realm. The KDCs are the hostnames marked as bold italic (wrapped in ''''') in the output below.
- # nslookup -type=SRV _kerberos._tcp.<domain in lowercase>
Output of previous command:
    Server: <ip address>
    Address: <ip address>#53

    _kerberos._tcp.<domain in lowercase> service = 0 100 88 '''''dc1.<domain in lowercase>'''''.
    _kerberos._tcp.<domain in lowercase> service = 0 100 88 '''''dc2.<domain in lowercase>'''''.
    _kerberos._tcp.<domain in lowercase> service = 0 100 88 '''''dc3.<domain in lowercase>'''''.
    _kerberos._tcp.<domain in lowercase> service = 0 100 88 '''''dc4.<domain in lowercase>'''''.
- Create a backup of the /etc/krb5.conf file.
- # cp -p /etc/krb5.conf{,.bak}
- Modify the /etc/krb5.conf file as follows; changes are highlighted in yellow.
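
An added example, not part of the original wiki page: the SRV answer gathered in the first step can be converted into kdc entries for the [realms] section of /etc/krb5.conf, keeping only well-formed hostnames inside the expected domain because plain DNS answers are unauthenticated. The function names srv_to_kdcs and sample_nslookup, the domain example.com and the sample addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Reads the output of
#   nslookup -type=SRV _kerberos._tcp.<domain>
# on stdin and prints one "kdc = host" line per KDC for krb5.conf [realms].

srv_to_kdcs() {   # usage: srv_to_kdcs DOMAIN < nslookup-output
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    awk -v dom="$domain" '
        $2 == "service" && $3 == "=" {
            if (tolower($1) != "_kerberos._tcp." dom) next
            prio = $4; port = $6
            host = tolower($7)
            sub(/\.$/, "", host)                 # drop the trailing root dot
            # DNS answers are unauthenticated: keep only well-formed
            # hostnames that sit inside the expected domain.
            if (host !~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/) next
            if (prio !~ /^[0-9]+$/ || port !~ /^[0-9]+$/) next
            suffix = "." dom
            if (length(host) <= length(suffix)) next
            if (substr(host, length(host) - length(suffix) + 1) != suffix) next
            # Append the port only when it differs from the Kerberos default.
            printf "%d %s%s\n", prio, host, (port == 88 ? "" : ":" port)
        }' | sort -k1,1n -k2,2 | awk '!seen[$2]++ { print "kdc = " $2 }'
}

# Constructed sample output; example.com and the addresses are placeholders.
sample_nslookup() {
    cat <<'EOF'
Server:         192.0.2.53
Address:        192.0.2.53#53

_kerberos._tcp.example.com      service = 0 100 88 dc2.example.com.
_kerberos._tcp.example.com      service = 0 100 88 dc1.example.com.
_kerberos._tcp.example.com      service = 10 100 88 dc3.example.com.
_kerberos._tcp.example.com      service = 0 100 88 dc9.example.net.
EOF
}

sample_nslookup | srv_to_kdcs example.com
```

The dc9.example.net record is dropped because it falls outside the requested domain; review the resulting list against the domain's known controllers before pasting it into krb5.conf.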