03-12-2010 01:50 PM
HP-UX authentication to Active Directory
I can't seem to get it working... I'm only trying to do authentication against AD, not user management, so no LDAP. This is on a newly installed 11.23 with the latest patches installed.
swlist -l product | grep -i -e krb -e kerb
KRB5-Client B.11.23 Kerberos V5 Client Version 1.0
PAM-Kerberos C.01.26 PAM-Kerberos Version 1.26
PHSS_39765 1.0 KRB5-Client Version 1.0 Cumulative patch
I copied over the /etc/pam.krb5 to /etc/pam.conf. I've verified everything is set up:
pamkrbval -a pa64
Validating the pam configuration files
---------- --- --- ------------- -----
Validating the /etc/pam.conf file
[PASS] : The validation of config file: /etc/pam.conf passed
[NOTICE] : The validation of config file: /etc/pam_user.conf is not done
as libpam_updbe library is not configured
Validating the kerberos config file
---------- --- -------- ------ -----
[PASS] : Initialization of kerberos passed
Connecting to default Realm
---------- -- ------- -----
[PASS] : Default Realm is issuing tickets
Validating the keytab entry for the host service principal
---------- --- ------ ----- --- --- ---- ------- ---------
[WARNING] : Keytab file /etc/krb5.keytab is not present
[IGNORE] : The keytab validation is ignored,assuming success
Validating the rc_host file for ownership
-------- ------ ---- -------- ------ -----
[PASS] :The Validation of rc_host file:/usr/tmp/rc_host_0 is successful
Using kinit and klist, I can verify ticket granting.
With debug enabled in sshd and pam.conf I get:
Mar 12 16:20:37 cocbhpuhlat1 sshd[7674]: debug1: PAM: initializing for "testuser"
Mar 12 16:20:37 cocbhpuhlat1 sshd[7674]: debug1: PAM: setting PAM_RHOST to "testhost.domain.com"
Mar 12 16:20:37 cocbhpuhlat1 sshd[7674]: Failed none for testuser from 192.168.1.99 port 3452 ssh2
Mar 12 16:20:37 cocbhpuhlat1 sshd[7674]: debug1: audit event euid 0 user testuser event 3 (AUTH_FAIL_NONE)
Mar 12 16:20:47 cocbhpuhlat1 sshd[7674]: pam_authenticate: error Authentication failed
Mar 12 16:20:49 cocbhpuhlat1 sshd[7674]: error: PAM: Authentication failed for testuser from testhost.domain.com
Mar 12 16:20:49 cocbhpuhlat1 sshd[7674]: Failed keyboard-interactive/pam for testuser from 192.168.1.99 port 3452 ssh2
Mar 12 16:20:49 cocbhpuhlat1 sshd[7674]: debug1: Entering record_failed_login uid 0
Mar 12 16:20:49 cocbhpuhlat1 sshd[7674]: debug1: audit event euid 0 user testuser event 5 (AUTH_FAIL_KBDINT)
Mar 12 16:21:02 cocbhpuhlat1 sshd[7674]: pam_authenticate: error Authentication failed
Mar 12 16:21:04 cocbhpuhlat1 sshd[7674]: error: PAM: Authentication failed for testuser from testhost.domain.com
Mar 12 16:21:04 cocbhpuhlat1 sshd[7674]: Failed keyboard-interactive/pam for testuser from 192.168.1.99 port 3452 ssh2
Mar 12 16:21:04 cocbhpuhlat1 sshd[7674]: debug1: Entering record_failed_login uid 0
Mar 12 16:21:04 cocbhpuhlat1 sshd[7674]: debug1: audit event euid 0 user testuser event 5 (AUTH_FAIL_KBDINT)
Mar 12 16:21:17 cocbhpuhlat1 sshd[7674]: debug1: do_pam_account: called
Any ideas? I know this can work as I have Linux hosts authenticating.
03-12-2010 02:06 PM
Re: HP-UX authentication to Active Directory
Sorry, seems I didn't have pam debugging enabled properly.
Mar 12 17:01:35 cocbhpuhlat1 sshd[9882]: debug1: rexec start in 6 out 6 newsock 6 pipe 8 sock 9
Mar 12 17:01:35 cocbhpuhlat1 sshd[7664]: debug1: Forked child 9882.
Mar 12 17:01:35 cocbhpuhlat1 sshd[9882]: debug1: inetd sockets after dupping: 5, 5
Mar 12 17:01:35 cocbhpuhlat1 sshd[9882]: debug1: audit connection from 192.168.1.99 port 3797 euid 0
Mar 12 17:01:35 cocbhpuhlat1 sshd[9882]: Connection from 192.168.1.99 port 3797
Mar 12 17:01:35 cocbhpuhlat1 sshd[9882]: debug1: HPN Disabled: 0, HPN Buffer Size: 65536
Mar 12 17:01:35 cocbhpuhlat1 sshd[9882]: debug1: Client protocol version 2.0; client software version PuTTY_Release_0.60
Mar 12 17:01:35 cocbhpuhlat1 sshd[9882]: SSH: Server;Ltype: Version;Remote: 192.168.1.99-3797;Protocol: 2.0;Client: PuTTY_Release_0.60
Mar 12 17:01:35 cocbhpuhlat1 sshd[9882]: debug1: no match: PuTTY_Release_0.60
Mar 12 17:01:35 cocbhpuhlat1 sshd[9882]: debug1: Enabling compatibility mode for protocol 2.0
Mar 12 17:01:35 cocbhpuhlat1 sshd[9882]: debug1: Local version string SSH-1.99-OpenSSH_5.3p1+sftpfilecontrol-v1.3-hpn13v5
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: debug1: Config token is protocol
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: debug1: Config token is syslogfacility
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: debug1: Config token is loglevel
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: debug1: Config token is kerberosauthentication
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: debug1: Config token is usepam
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: debug1: Config token is x11forwarding
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: debug1: Config token is subsystem
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: debug1: PAM: initializing for "testuser"
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: pam_start(sshd testuser)
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: pam_set_item(1)
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: pam_set_item(2)
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: pam_set_item(5)
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: debug1: PAM: setting PAM_RHOST to "testhost.domain.com"
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: pam_set_item(4)
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: Failed none for testuser from 192.168.1.99 port 3797 ssh2
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: debug1: audit event euid 0 user testuser event 3 (AUTH_FAIL_NONE)
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: pam_set_item(5)
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: pam_authenticate()
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: load_modules: /usr/lib/security/pa20_64/libpam_unix.so.1
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: load_function: successful load of pam_sm_authenticate
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: pam_get_username(ux)
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: pam_mapping_in_use()
Mar 12 17:02:02 cocbhpuhlat1 sshd[9882]: pam_set_item(6)
Mar 12 17:02:02 cocbhpuhlat1 sshd[9882]: pam_authenticate: error Authentication failed
Mar 12 17:02:04 cocbhpuhlat1 sshd[9882]: error: PAM: Authentication failed for testuser from testhost.domain.com
Mar 12 17:02:04 cocbhpuhlat1 sshd[9882]: Failed keyboard-interactive/pam for testuser from 192.168.1.99 port 3797 ssh2
Mar 12 17:02:04 cocbhpuhlat1 sshd[9882]: debug1: Entering record_failed_login uid 0
Mar 12 17:02:02 cocbhpuhlat1 sshd[9882]: pam_set_item(6)
Mar 12 17:02:04 cocbhpuhlat1 sshd[9882]: debug1: audit event euid 0 user testuser event 5 (AUTH_FAIL_KBDINT)
Mar 12 17:02:04 cocbhpuhlat1 sshd[9882]: pam_set_item(5)
Mar 12 17:02:04 cocbhpuhlat1 sshd[9882]: pam_authenticate()
Mar 12 17:02:04 cocbhpuhlat1 sshd[9882]: load_modules: /usr/lib/security/pa20_64/libpam_unix.so.1
Mar 12 17:02:04 cocbhpuhlat1 sshd[9882]: pam_get_username(ux)
Mar 12 17:02:04 cocbhpuhlat1 sshd[9882]: pam_mapping_in_use()
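An added example, not part of the original posts: a POSIX shell/awk helper that condenses a libpam debug trace like the one above into one line per sshd PID, showing the user, the number of pam_authenticate failures and the modules named on load_modules lines. The function names are made up for this example, and the sample input is a few lines copied from the trace above.

```shell
#!/bin/sh
# Added example (not from the thread): summarise a libpam debug trace.
# sample_trace holds a few lines copied from the trace posted above.
sample_trace() {
cat <<'EOF'
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: pam_start(sshd testuser)
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: pam_authenticate()
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: load_modules: /usr/lib/security/pa20_64/libpam_unix.so.1
Mar 12 17:01:41 cocbhpuhlat1 sshd[9882]: load_function: successful load of pam_sm_authenticate
Mar 12 17:02:02 cocbhpuhlat1 sshd[9882]: pam_authenticate: error Authentication failed
Mar 12 17:02:04 cocbhpuhlat1 sshd[9882]: pam_authenticate()
Mar 12 17:02:04 cocbhpuhlat1 sshd[9882]: load_modules: /usr/lib/security/pa20_64/libpam_unix.so.1
EOF
}

# Reads syslog lines on stdin; prints "PID user=... auth_failures=N modules=..."
# for every sshd PID, in order of first appearance.
pam_trace_summary() {
  awk '
    # Field 5 is "sshd[PID]:" in the syslog layout shown in the post.
    $5 ~ /^sshd\[[0-9]+\]:$/ {
      pid = $5; sub(/^sshd\[/, "", pid); sub(/\]:$/, "", pid)
      if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
      if ($6 ~ /^pam_start\(/) { user[pid] = $7; sub(/\)$/, "", user[pid]) }
      if ($6 == "pam_authenticate:" && $7 == "error") fails[pid]++
      if ($6 == "load_modules:") {
        m = $7; sub(/^.*\//, "", m)          # keep the file name only
        if (!((pid, m) in have)) {           # record each module once per PID
          have[pid, m] = 1
          mods[pid] = mods[pid] (mods[pid] == "" ? "" : ",") m
        }
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        p = order[i]
        printf "%s user=%s auth_failures=%d modules=%s\n", p,
          (user[p] == "" ? "?" : user[p]), fails[p] + 0,
          (mods[p] == "" ? "none" : mods[p])
      }
    }'
}

# Exit 0 if any load_modules path on stdin contains the substring $1, else 1.
pam_module_loaded() {
  awk -v want="$1" '$6 == "load_modules:" && index($7, want) { found = 1 }
                    END { exit !found }'
}

sample_trace | pam_trace_summary
```

The modules column shows which PAM service modules libpam actually loaded during each authentication attempt, which can be compared with the auth entries configured in /etc/pam.conf.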
03-30-2010 10:22 AM
Re: HP-UX authentication to Active Directory
Bump.