
Kerberos authentication in Win domain using mod_auth_kerb

 
Josef Forman

Hi,
I have a problem configuring Kerberos authentication within a Windows domain using the Apache module mod_auth_kerb.
At the beginning there was only one domain - the web server and users were in one domain, AD.X.CZ.

Here is the listing of /etc/krb5.conf:
[libdefaults]
ticket_lifetime = 24000
default_realm = AD.X.CZ
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
AD.X.CZ = {
kdc = NTAD.x.cz:88
admin_server = NTAD.x.cz:749
default_domain = x.cz
}

[domain_realm]
.x.cz = AD.X.CZ
x.cz = AD.X.CZ

and the listing of httpd.conf:

AuthType Kerberos
AuthName "Bla bla..."
KrbAuthRealms AD.X.CZ
KrbServiceName HTTP
KrbVerifyKDC off
Krb5Keytab /bla/bla/private/http.keytab
KrbMethodNegotiate off
KrbMethodK5Passwd on
KrbSaveCredentials off
KrbAuthoritative on
require valid-user


But now I need to allow access for users from another trusted domain (let's say AD.Y.CZ).
I added another realm to krb5.conf and the same realm to the KrbAuthRealms directive, but there are only failed logins in the logs on the Windows KDC.

The authentication attempts are for Y_domain_user@AD.X.CZ, but the Y_domain_user user is from domain Y, so the error message "failed: Client not found in Kerberos database" appears in the log.

Where is the basic problem in my configuration?
Any advice is really welcome.
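
A consistency check for the step described in the post (adding a second realm to both krb5.conf and KrbAuthRealms), as an added example that is not part of the original post: it confirms that every realm named in KrbAuthRealms has a [realms] stanza with a kdc entry, which is the only way the KDC can be located when dns_lookup_kdc = false. It goes slightly beyond the post by also flagging case mismatches, since realm names are case-sensitive; the function names are hypothetical and the sample is the post's krb5.conf trimmed to the relevant keys.

```python
# Constructed sample: the krb5.conf from the post, trimmed to the relevant keys.
KRB5_CONF = """\
[libdefaults]
default_realm = AD.X.CZ
dns_lookup_kdc = false
[realms]
AD.X.CZ = {
kdc = NTAD.x.cz:88
admin_server = NTAD.x.cz:749
}
"""

def parse_krb5(text):
    """Parse the flat krb5.conf layout above into {section: {key: value}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})      # start of a realm stanza
            elif block is not None:
                block.setdefault(key, []).append(value)  # kdc may repeat
            else:
                section[key] = value
    return conf

def check_auth_realms(krb5_text, krb_auth_realms):
    """Return one message per problem found for the realms in KrbAuthRealms."""
    conf = parse_krb5(krb5_text)
    dns_off = conf.get("libdefaults", {}).get("dns_lookup_kdc", "").lower() in ("false", "no", "off", "0")
    stanzas = {k: v for k, v in conf.get("realms", {}).items() if isinstance(v, dict)}
    by_lower = {name.lower(): name for name in stanzas}
    problems = []
    for realm in krb_auth_realms.split():
        if realm in stanzas:
            if dns_off and not stanzas[realm].get("kdc"):
                problems.append(f"{realm}: stanza has no kdc and dns_lookup_kdc is off")
        elif realm.lower() in by_lower:
            problems.append(f"{realm}: case differs from [realms] entry {by_lower[realm.lower()]}")
        elif dns_off:
            problems.append(f"{realm}: no [realms] stanza and dns_lookup_kdc is off")
    return problems
```

Calling `check_auth_realms(KRB5_CONF, "AD.X.CZ AD.Y.CZ")` against the single-realm file reports AD.Y.CZ as unresolvable; an empty list means every listed realm can be located from the file alone.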