12-12-2011 05:28 AM
LDAP-UX (Win ADS Kerberos) + sshd
Hi guys,
I'm at a loss here.
I've followed the LDAP-UX Administrator's Guide (HP Part Number: 5900-1479) and I have Kerberos working fine with the Windows ADS Domain. `kinit(1)' even nicely gets a ticket after authentication, but for the life of me, I can't seem to get `sshd' to play nice with the whole thing. I still can't connect to my HP/UX 11iv3 machine (HP-UX hvs11 B.11.31 U ia64) via `ssh' using an ADS account.
What am I missing here? Any takers?
Some configuration files and feedback from my system:
```
# /opt/ldapux/config/netjoin
Scanning DNS domain "intern.hilversum.nl" for any registered Active Directory servers...
Please enter the DN of a user that has sufficient privilege to add this host to the "intern.hilversum.nl" domain.
Note also that if this is the first time adding an HP-UX host to this directory server, LDAP-UX may also need to extend the server's schema.
Please enter the DN of an Administrator with these privileges or press Return for the default value
[CN=Administrator,CN=Users,DC=intern,DC=hilversum,DC=nl]: cn=root,ou=Beheerders,ou=Gebruikers-zonder-Zarafa,ou=Hilversum,dc=intern,dc=hilversum,dc=nl
Please enter the administrator's password:
Found profile entry CN=ldapuxprofile,CN=system,DC=intern,DC=hilversum,DC=nl.
Successfully downloaded profile entry from AD server.
Created "hvs11.intern.hilversum.nl" computer account.
Modified UserAccountControl of "hvs11.intern.hilversum.nl" computer account.
Backing up all the default krb5 log files.
The Kerberos configuration file /etc/krb5.conf has been created.
Configured "hvs11.intern.hilversum.nl" as LDAP-UX proxy.
Your LDAP-UX client has been successfully configured and is now a member of the "intern.hilversum.nl" domain.
```
The Kerberos configuration:
```
# cat /etc/krb5.conf
[libdefaults]
    default_realm = INTERN.HILVERSUM.NL
    default_tgs_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
    default_tkt_enctypes = AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
    ccache_type = 2

[realms]
    INTERN.HILVERSUM.NL = {
        kdc = sdc01.intern.hilversum.nl:88
        kpasswd = sdc02.intern.hilversum.nl:464
    }

[domain_realm]
    .intern.hilversum.nl = INTERN.HILVERSUM.NL

[logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log
```
`kinit(1)' working:
```
# kinit sre
Password for sre@INTERN.HILVERSUM.NL:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: sre@INTERN.HILVERSUM.NL

Valid starting     Expires            Service principal
12/12/11 14:16:42  12/13/11 00:16:42  krbtgt/INTERN.HILVERSUM.NL@INTERN.HILVERSUM.NL
#
```
The sshd rules in `/etc/pam.conf':
```
# grep sshd pam.conf
sshd     auth     required    libpam_hpsec.so.1
sshd     auth     sufficient  libpam_krb5.so.1
sshd     auth     required    libpam_unix.so.1 try_first_pass
sshd     account  required    libpam_hpsec.so.1
sshd     account  sufficient  libpam_krb5.so.1
sshd     account  required    libpam_unix.so.1
sshd     session  required    libpam_hpsec.so.1
sshd     session  sufficient  libpam_krb5.so.1
sshd     session  required    libpam_unix.so.1
sshd     password required    libpam_hpsec.so.1
sshd     password sufficient  libpam_krb5.so.1
sshd     password required    libpam_unix.so.1 try_first_pass
```
And the `nsswitch.conf' entries concerning ldap:
```
# grep ldap nsswitch.conf
passwd: files ldap
group: files ldap
```
dmr ~~
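
Added example, not part of the original post: a small Python model of how the posted `sshd` stacks in `/etc/pam.conf` combine their `required` and `sufficient` entries, useful for seeing which modules must succeed for an account that exists only in the directory. It assumes the generic pam.conf control-flag semantics (a `sufficient` success ends the stack only if no earlier `required` module failed); the per-module outcomes are constructed scenarios, not results observed on the poster's host.

```python
# Added example: evaluate the sshd stacks from the post's /etc/pam.conf.
# Assumption: generic pam.conf control-flag semantics; HP-UX modules may differ.
PAM_CONF = """\
sshd auth     required   libpam_hpsec.so.1
sshd auth     sufficient libpam_krb5.so.1
sshd auth     required   libpam_unix.so.1 try_first_pass
sshd account  required   libpam_hpsec.so.1
sshd account  sufficient libpam_krb5.so.1
sshd account  required   libpam_unix.so.1
sshd session  required   libpam_hpsec.so.1
sshd session  sufficient libpam_krb5.so.1
sshd session  required   libpam_unix.so.1
sshd password required   libpam_hpsec.so.1
sshd password sufficient libpam_krb5.so.1
sshd password required   libpam_unix.so.1 try_first_pass
"""

def parse(text):
    """Group pam.conf lines into {(service, type): [(control, module), ...]}."""
    stacks = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            service, mtype, control, module = fields[:4]
            stacks.setdefault((service, mtype), []).append((control, module))
    return stacks

def evaluate(stack, results):
    """Return (stack_ok, modules_called); results maps module -> True/False."""
    required_failed, called = False, []
    for control, module in stack:
        called.append(module)
        ok = results[module]
        if control == "required" and not ok:
            required_failed = True      # recorded; later modules still run
        elif control == "sufficient" and ok and not required_failed:
            return True, called         # stack ends here with success
    return not required_failed, called

# Constructed scenarios (hypothetical module outcomes, not observed on hvs11).
HPSEC, KRB5, UNIX = "libpam_hpsec.so.1", "libpam_krb5.so.1", "libpam_unix.so.1"
AD_ONLY_OK = {HPSEC: True, KRB5: True, UNIX: False}     # krb5 accepts, unix rejects
AD_ONLY_FAIL = {HPSEC: True, KRB5: False, UNIX: False}  # krb5 rejects, unix rejects

if __name__ == "__main__":
    for (service, mtype), stack in parse(PAM_CONF).items():
        for name, res in (("krb5 ok", AD_ONLY_OK), ("krb5 fail", AD_ONLY_FAIL)):
            print(service, mtype, name, evaluate(stack, res))
```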