Hi guys, me again =)
Like, i followed the instructions to use AD in CentOS, from this site: http://www.sweetnam.eu/index.php/Using_Active_Directory_for_CentOS
But when I run kinit (kinit patryk@vamola.net), I'm getting the error: kinit(v5): Cannot resolve network address for KDC in realm vamola.net while getting initial credentials
Here we go:
/etc/krb5.conf
[code]
# Kerberos client configuration as posted; review comments added, values unchanged.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Realm names are case-sensitive, and an Active Directory realm is the upper-case
# form of the DNS domain. This default and the [realms] stanza below are lower-case,
# while [domain_realm] maps hosts to VAMOLA.NET, so the sections name two different realms.
# NOTE(review): possibly related to the kinit error - confirm by using VAMOLA.NET throughout.
default_realm = vamola.net
# With these enabled, a realm or KDC that has no explicit entry is looked up through
# DNS TXT/SRV records, so the result is only as trustworthy as the resolver.
# NOTE(review): if the KDC is pinned in [realms], consider whether DNS discovery is still wanted.
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
# Stanza name must match the realm that clients actually request (see the case note above).
vamola.net = {
kdc = 37.49.227.240:88
admin_server = 37.49.227.240:749
default_domain = vamola.net
}
[domain_realm]
# Maps hosts in the DNS domain to the upper-case realm, which has no stanza in [realms].
.vamola.net = VAMOLA.NET
vamola.net = VAMOLA.NET
[kdc]
# Points at the configuration of a local MIT KDC.
# NOTE(review): presumably unused when Active Directory is the KDC - confirm no krb5kdc runs here.
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
# Per-application defaults read by the PAM Kerberos module.
pam = {
debug = false
# NOTE(review): bare numbers are presumably seconds (36000 = 10 hours) - confirm against the module docs.
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
[/code]
/var/kerberos/krb5kdc/kdc.conf
[code]
# Settings for a local MIT KDC (krb5kdc/kadmind).
# NOTE(review): if this host only authenticates against Active Directory, this file is
# presumably not used and no local KDC should be running - confirm.
[kdcdefaults]
# Kerberos 4 compatibility mode; Kerberos 4 is obsolete and should stay disabled where the
# installed release allows it.
v4_mode = nopreauth
kdc_tcp_ports = 88
[realms]
vamola.net = {
#master_key_type = des3-hmac-sha1
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
# The list still offers single-DES (des-cbc-crc, des-cbc-md5, des-hmac-sha1) and RC4
# (arcfour-hmac) key types, which are weak. If a local KDC is really used, restrict this to
# the AES types unless a legacy client is known to need more.
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
[/code]
/etc/samba/smb.conf
[code]
# Samba configured as an Active Directory member (security = ads) using winbind.
[global]
security = ads
# NOTE(review): netbios name is identical to workgroup below; Samba expects the machine
# name and the domain/workgroup name to differ - confirm the intended host name.
netbios name = VAMOLA
# NOTE(review): the realm is normally written as the upper-case AD realm (VAMOLA.NET) - confirm.
realm = vamola.net
password server = adpdc.vamola.net
workgroup = VAMOLA
# winbind allocates Unix IDs for domain users and groups from these ranges.
# NOTE(review): a range starting at 500 probably overlaps the IDs of local accounts on this
# host, which would let a domain identity and a local one share a UID/GID - verify, and move
# the range above the local one if so.
idmap uid = 500-10000000
idmap gid = 500-10000000
winbind separator = +
winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
domain master = no
# NOTE(review): the next four settings make this member server force browse-master elections
# and run a WINS server; in an AD domain those roles usually belong to the domain
# controller - confirm they are intended.
local master = yes
os level = 100
preferred master = yes
wins support = yes
unix password sync = yes
# Logins with an unknown user name are mapped to the guest account instead of being
# rejected; the guest account stays at its default because the line below is commented out.
map to guest = bad user
#guest account = nobody
# An ordinary share named "home" that exports all of /home (not the special [homes] section).
[home]
comment = Home Directories
create mask = 0755
directory mask = 0755
browseable = yes
writable = yes
valid users = root, patryk
# admin users and force user/force group make every file operation on this share run as
# root, so any session that passes "valid users" has root-level write access to all of /home.
# Safer is to drop these three settings and rely on each user's own file permissions.
admin users = root, patryk
force user = root
force group = root
path = /home
[/code]
/etc/nsswitch.conf
[code]
# Name service switch: sources are tried left to right for each database.
# Local sources are listed before winbind for passwd/shadow/group, so a local account wins
# over a domain account of the same name; keep that order.
# NOTE(review): "compat" and "files" both read the local files, so one of them is presumably
# redundant - confirm which one the distribution expects.
passwd: compat winbind files
shadow: compat winbind files
group: compat winbind files
#hosts: db files nisplus nis dns
# Host names (including the KDC's) are resolved from /etc/hosts first, then DNS.
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
# NOTE(review): winbind is also listed for protocols, services, netgroup and automount;
# it presumably serves only user and group lookups, so these entries likely have no
# effect - confirm and remove to keep the lookup path minimal.
protocols: files winbind
rpc: files
services: files winbind
netgroup: files winbind
publickey: nisplus
automount: files winbind
aliases: files nisplus
[/code]
/etc/pam.d/system-auth
[code]
# PAM stack shared by login services: local accounts first, then Kerberos, SMB and winbind.
auth required /lib/security/$ISA/pam_env.so
# nullok lets a local account with an empty password authenticate; drop it unless required.
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
# use_first_pass hands the same password to each following module, so one mistyped password
# can be tried against the directory up to three times (krb5, smb_auth, winbind).
# NOTE(review): this can trip AD lockout thresholds early; pam_smb_auth looks redundant next
# to krb5 and winbind - confirm and keep a single directory module.
auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass
auth sufficient /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
# krb5 and winbind are only "sufficient" here and the stack ends in pam_permit, so a failure
# reported by either directory module does not deny the account.
# NOTE(review): logins that skip the auth stack (e.g. SSH keys) would then not be stopped by
# a disabled or expired domain account - verify against the intended policy.
account sufficient /lib/security/$ISA/pam_krb5.so
account sufficient /lib/security/$ISA/pam_winbind.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
# Local passwords are stored as MD5 hashes and empty ones are accepted (nullok);
# NOTE(review): use a stronger hash such as sha512 if the installed pam_unix supports it.
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_krb5.so use_authtok
password sufficient /lib/security/$ISA/pam_winbind.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_krb5.so
[/code]
finally, /etc/hosts
[code]
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost localhost.localdomain
::1 localhost localhost6.localdomain6 localhost6
# NOTE(review): "adpdc.vamo.net" looks like a typo for adpdc.vamola.net (spelled in full two
# lines below). srv1, vamola.net and adpdc all share one address - confirm that this address
# is the AD domain controller and not this host itself, since krb5.conf uses it as the KDC.
# Static entries override DNS for these names and must be kept in step with the real DC address.
37.49.227.240 srv1.vamola.net srv1 adpdc.vamo.net
37.49.227.240 vamola.net
37.49.227.240 adpdc.vamola.net
[/code]
I set the SELinux booleans too:
# Persistently (-P) enable two SELinux booleans for Samba.
# NOTE(review): samba_domain_controller allows smbd to act as a domain controller (adding
# users and groups, changing passwords). smb.conf above has "domain master = no", so this
# boolean is presumably not needed on a member server - confirm and leave it off if unused.
setsebool -P samba_enable_home_dirs on
setsebool -P samba_domain_controller on
LDAP and SAMBA ports were added to firewall too, and nothing...
Any ideas?
Thanks guys!
Best regards!
AD Error - kinit(v5): Cannot resolve network address...