Hi,
Topic says pretty much everything.
I have been managing our network for the past 10 years on the client side and just installed my first server from scratch. Asterisk needs some love, but my main concern is Kerberos, which is only partly functioning:
* The users (managed in LDAP) can log in from their laptops via SSSD perfectly fine: host/<fqdn>@REALM is working
* Mounting an NFS share fails with the error message that the 'Server principal is valid for user 2 user auth only'
* The same error message is returned if I try to rely on GSSAPI as the auth mechanism for IMAP.
I mainly stuck to online tutorials, including those by MIT and Red Hat, i.e.
1. On the server (kdc+kadmin in 1 machine) adding host/, nfs/ and HTTP/ principals through kadmin (addprinc + ktadd)
2. On the clients doing exactly the same.
Frequently recurring issues with Kerberos have been checked:
* Time is synched via NTP
* KVNO numbers match between the server's keytab and the client's keytab.
I have not yet been able to find anything that explains this error, so I don't even understand how to start dealing with it. Does anyone here have a pointer?
Thx!
New Kerberos realm - principal only valid for user 2 user
Re: New Kerberos realm - principal only valid for user 2 use
how does this relate to debian? Are you using Debian?
please link the tutorials that you are using.
Re: New Kerberos realm - principal only valid for user 2 use
> so I don't even understand how to start dealing with it. Does anyone here have a pointer?
Neither do I, but
If the OP is using Debian, or if it was me, I would start here:
https://wiki.debian.org/LDAP/Kerberos
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!
Re: New Kerberos realm - principal only valid for user 2 use
pylkko wrote:
> how does this relate to debian? Are you using Debian?
Yes. Buster on both server and all clients.
The clients had already been upgraded to Buster end of last year. When changing from the old server (Jessie) to the new one (Buster), this issue popped up. I'm fairly confident that all configuration files are identical on both servers, so I'm probably missing a setting that was introduced between Jessie (krb5-kdc 1.12.1) and Buster (v 1.17.3).
pylkko wrote:
> please link the tutorials that you are using.
https://web.mit.edu/kerberos/krb5-latest/doc/
and
https://access.redhat.com/documentation ... g_kerberos
(I believe I did also read through the Ubuntu documentation)
The Debian wiki does not have any recent information on how to set up Kerberos.
Thank you,
Vincent