1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Kerberos authentication, httpd and samba

Discussion in 'Linux / Unix Discussion' started by Leehaa, Aug 14, 2009.

  1. Leehaa

    Leehaa Gigabyte Poster

    1,648
    21
    91
    Hi,

    I had successfully set up an apache web server and it was running fine...then suddenly overnight, it has gotten confused and when you go to login to it, you get:

    "connect to **...the server at krb5 auth requires a username and password..."

    I looked at the httpd settings (auth_kerb.conf and httpd.conf) and nothing has changed...

    ...however, in the smb.conf, the line: allow kerberos keytab =True was missing.

    No-one has changed this.

    Why would it just disappear?

    I have put it back in and re-started smb and httpd...but no joy. re-started the server, but still no joy.

    Any ideas on what it could be?

    Am baffled.

    If I get anywhere I shall post up, as it may be an interesting read to someone.

    Also, when I finally do get the thing working, would any of you VLAMP people be interested in some simple documentation on it all?

    Cheers,

    Lee
     
    Certifications: MCP, MCDST, ITIL v3, MBCS, others...
    WIP: BSc IT & Computing, RHCE
  2. Leehaa

    Leehaa Gigabyte Poster

    1,648
    21
    91
    OOoh! Think it's something to do with the HTTP SPNs...

    just had a look on the DC and, they aren't there for the server anymore...

    ...going to create a new keytab...then give apache the correct permissions again...

    ...will update again in a bit!
     
    Certifications: MCP, MCDST, ITIL v3, MBCS, others...
    WIP: BSc IT & Computing, RHCE
  3. Leehaa

    Leehaa Gigabyte Poster

    1,648
    21
    91
    It was kind of to do with the above in that, in order to get it working again I had to re-enter the HTTP SPNs and get a new keytab.

    However

    I think that the actual problem may have been caused by a cloned machine (...that was up and running for about 1 hour to check the original could clone ok before creating a master template...then destroyed) Reckon that some setting somewhere had been duplicated causing things to get confused as, after re-joining the original to domain and then performing the above, things didn't kick in (even after about 30 mins)...however, after leaving it switched off for the weekend and changing nothing else, it's all working fine again today.

    Will have to do some digging...
     
    Certifications: MCP, MCDST, ITIL v3, MBCS, others...
    WIP: BSc IT & Computing, RHCE
  4. Leehaa

    Leehaa Gigabyte Poster

    1,648
    21
    91
    Oh, and someone had changed the kerberos = true setting - was still there, just tidied into a different section of smb.conf so I hadn't spotted it!

    Talking to yourself is the first sign of madness...talking to yourself many times is...oh boy!! :eek:
     
    Certifications: MCP, MCDST, ITIL v3, MBCS, others...
    WIP: BSc IT & Computing, RHCE
  5. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    We're all sitting here patiently, watching and waiting for you to crack :)

    Qs
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA

Share This Page

Loading...