[30683] in Kerberos
RE: Prob: failed to verify krb5 credentials: Server not found in Kerb
daemon@ATHENA.MIT.EDU (Paul Moore)
Tue Feb 3 17:16:13 2009
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Tue, 3 Feb 2009 14:14:02 -0800
Message-ID: <BB7E16A14DE689469A181EC770AFBF4D02A77EF3@exch-one.centrify.com>
In-Reply-To: <4988C165.5000006@anl.gov>
From: "Paul Moore" <paul.moore@centrify.com>
To: "Douglas E. Engert" <deengert@anl.gov>
Cc: slaindevil@kabelmail.de, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
for sure the port number should not be in the SPN. I didnt even notice
that. I was wondering if there is any principal at all
-----Original Message-----
From: Douglas E. Engert [mailto:deengert@anl.gov]
Sent: Tuesday, February 03, 2009 2:13 PM
To: Paul Moore
Cc: slaindevil@kabelmail.de; kerberos@mit.edu
Subject: Re: Prob: failed to verify krb5 credentials: Server not found
in Kerb
Paul Moore wrote:
> is there an AD account with that SPN?
> HTTP/wiki.test.lan:8080@SRV.TEST.LAN
The port number :8080 is usually not part of the principal name.
So the browser may be looking for HTTP/wiki.test.lan@SRV.TEST.LAN
>
> -----Original Message-----
> From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On
> Behalf Of slaindevil@kabelmail.de
> Sent: Tuesday, February 03, 2009 6:28 AM
> To: kerberos@mit.edu
> Subject: Prob: failed to verify krb5 credentials: Server not found in
> Kerb
>
> Hey guys,
>
> I am short before dispairing :(
>
> Maybe someone has time and likes to help me? :)
>
> I am trying to set up kerberos to authenticate a
> TWiki running on Unix against an Windows Server 2003 Active
Directory...
>
> I configured the krb5.conf like this:
>
> [logging]
> ...
>
> [libdefaults]
> default_realm = SRV.TEST.LAN
> dns_lookup_realm = false
> dns_lookup_kdc = false
> ticket_lifetime = 24000
> forwardable = yes
>
> [realms]
> SRV.TEST.LAN = {
> kdc = location.srv.test.lan:88
> admin_server = location.srv.test.lan:749
> default_domain = SRV.TEST.LAN
> }
>
> [domain_realm]
> .test.lan = SRV.TEST.LAN
> test.lan = SRV.TEST.LAN
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 24000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
> When I use "kinit" everything works fine. With every valid login I get
a
> ticket...
>
>
> Then I created the keytab file, set with a valid user and password for
> the service: HTTP/wiki.test.lan:8080@SRV.TEST.LAN
Leave off the :8080
>
> http://wiki.test.lan:8080/bin is the url I type into the browser...
>
> When I use "kinit" with the keytab and HTTP/wiki.test.lan:8080
> everything works fine... I get a ticket...
>
> Now I wanna setup the twiki to use kerberos to authenticate with...
> The httpd.conf for the "bin" directory at http://wiki.test.lan:8080/
is
> like following:
> Order Deny,Allow
> Allow from all
>
> AuthType Kerberos
> KrbAuthRealms SRV.TEST.LAN
> KrbServiceName HTTP
> Krb5Keytab /etc/http.keytab
> KrbMethodNegotiate on
> KrbMethodK5Passwd on
> Require valid-user
>
> When I browse to "http://wiki.srv.lan:8080/bin" the login box
prompts...
> I enter a valid login, but the box stays...
>
> In the log it says:
> failed to verify krb5 credentials: Server not found in Kerberos
database
>
> What is wrong? Can someone help me?! :(
>
> Greets,
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
