SSSD/Kerberos/LDAP Authentication
Jump to navigation
Jump to search
Install Required Packages
- RHEL6: Install the following packages.
- # yum install sssd krb5-workstation samba-common authconfig oddjob oddjob-mkhomedir openldap-clients ipa-client sssd-common krb5-devel
- RHEL7: Install the following packages
- # yum install sssd krb5-workstation samba-common authconfig oddjob oddjob-mkhomedir openldap-clients sssd-libwbclient sssd-tools ipa-client sssd-common krb5-devel
Configure Kerberos
- Gather the list of KDCs for the realm.
- # nslookup -type=SRV _kerberos._tcp.<domain in lowercase>
Output of previous command:
Server: <ip address> Address: <ip address>#53 _kerberos._tcp.<domain in lowercase> service = 0 100 88 <span style="background:yellow">dc1.<domain in lowercase></span>. _kerberos._tcp.<domain in lowercase> service = 0 100 88 <span style="background:yellow">dc2.<domain in lowercase></span>. _kerberos._tcp.<domain in lowercase> service = 0 100 88 <span style="background:yellow">dc3.<domain in lowercase></span>. _kerberos._tcp.<domain in lowercase> service = 0 100 88 <span style="background:yellow">dc4.<domain in lowercase></span>.
- Create a backup of the /etc/krb5.conf file.
- # cp -p /etc/krb5.conf{,.bak}
- Modify the /etc/krb5.conf file as follows, changes are highlighted in yellow.