Hello!
I'm trying to make it possible for the users of our Windows 2000
domain to log on to a RedHat Linux 7.0 workstation using Kerberos v5
authentication. Here's a description of my setup and what I've done:
- Windows 2000 domain: foobar.com
- Windows 2000 Server (w2kserver.foobar.com), address 10.0.0.2
- RedHat Linux 7.0 workstation (rhlinux.foobar.com), address
10.0.0.100
- User account 'johndoe' in both Windows 2000 domain and Linux
workstation.
- User account 'rhlinux' in Windows 2000 domain.
- I've synchronized the clocks of W2K server and Linux workstation.
- I've made /etc/krb5.conf look like this:
    [libdefaults]
        default_realm = FOOBAR.COM
        default_tkt_enctypes = des-cbc-md5
        default_tgs_enctypes = des-cbc-md5
    [realms]
        FOOBAR.COM = {
            kdc = 10.0.0.2:88
            admin_server = 10.0.0.2
        }
- I used Microsoft's ktpass tool to create a keytab file:
-mapuser rhlinux -pass VerySecretPassword -out rhlinux.keytab
- Then transferred rhlinux.keytab to the Linux workstation and did
this:
    ktutil
    ktutil: rkt rhlinux.keytab
    ktutil: wkt /etc/krb5.keytab
    ktutil: q
- Did this when logged on as root:
kinit(v5): Cannot contact any KDC for requested realm while
getting initial credentials
Found nothing in the logs of the Linux workstation, but the security log
of the Windows 2000 server says the following:
    Type: Failure
    Category: Account Logon
    Event ID: 675
    Description:
    Pre-authentication failed:
    User Name: johndoe
    User ID: FOOBAR\johndoe
    Service Name: krbtgt/FOOBAR.COM
    Pre-Authentication Type: 0x0
    Failure Code: 25
    Client Address: 10.0.0.100
After this error message, there was a success audit saying that user
johndoe has been granted an authentication ticket.
I would be very grateful if someone could point out what I'm doing
wrong here.
Thanks in advance! =)
- Jari
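
Added example, not part of the original post: a small triage helper that parses an Event ID 675 record like the one quoted above and maps its Failure Code to the Kerberos error names defined in RFC 4120. The function names are hypothetical, the sample record is constructed from the fields in the post, and because the post does not say whether the code is printed in decimal or hex, both readings are reported.

```python
# Kerberos error codes from RFC 4120 (subset relevant to AS exchanges).
KRB_ERRORS = {
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 14: "KDC_ERR_ETYPE_NOSUPP",
    18: "KDC_ERR_CLIENT_REVOKED", 23: "KDC_ERR_KEY_EXPIRED",
    24: "KDC_ERR_PREAUTH_FAILED", 25: "KDC_ERR_PREAUTH_REQUIRED",
    37: "KRB_AP_ERR_SKEW",
}

# Constructed sample, built from the fields of the audit record in the post.
SAMPLE_EVENT = """\
Event ID: 675
Description:
Pre-authentication failed:
User Name: johndoe
User ID: FOOBAR\\johndoe
Service Name: krbtgt/FOOBAR.COM
Pre-Authentication Type: 0x0
Failure Code: 25
Client Address: 10.0.0.100
"""

def parse_event(text):
    """Collect the 'Key: value' lines of an audit record into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():          # skip bare headings like 'Description:'
            fields[key.strip()] = value.strip()
    return fields

def decode_failure_code(raw):
    """Return {radix: error name} for every plausible reading of the code."""
    values = {"hex": int(raw, 16)}         # int() accepts an optional 0x prefix
    if not raw.lower().startswith("0x"):
        values["decimal"] = int(raw, 10)   # unprefixed digits may be decimal
    return {radix: KRB_ERRORS.get(v, "unknown (%d)" % v)
            for radix, v in values.items()}

def triage(text):
    f = parse_event(text)
    readings = decode_failure_code(f["Failure Code"])
    # KDC_ERR_PREAUTH_REQUIRED is what a KDC returns to a first AS-REQ sent
    # without pre-authentication data; the client then retries with it.
    return {"user": f["User Name"], "client": f["Client Address"],
            "readings": readings,
            "preauth_required_if_decimal":
                readings.get("decimal") == "KDC_ERR_PREAUTH_REQUIRED"}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT))
```

The two readings point at different causes (an ordinary pre-authentication prompt versus clock skew), so confirm which radix the event viewer uses before acting on the code.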