AIX

  • 1.  error binding to ldap over kerberos

    Posted Fri August 05, 2011 03:32 PM

    Originally posted by: SystemAdmin


    Has anyone been successful in binding to LDAP over Kerberos, or do most of you use SSL?

    I'm trying Kerberos and getting this error:

    3001-740 Kerberos init failed using command /usr/krb5/bin/kinit, key table file /etc/krb5/krb5.keytab, on principal host/server-name.domain.com.

    /etc/security/ldap/ldap.cfg:
    useKRB5:yes
    krbprincipal:host/server-name.domain.com
    krbkeypath:/etc/krb5/krb5.keytab
    krbcmddir:/usr/krb5/bin/

    Otherwise I can bind OK using a username/password in my mksecldap command, but I'd prefer not to. I've imported the keytab file from Windows and generated it there with Ktpass for the host/server-name.domain.com@MYREALM.COM principal. So everything else seems to work except for the binding. Any help out there?

    This is AIX 5.3 TL9.
    #AIX-Forum


  • 2.  Re: error binding to ldap over kerberos

    Posted Fri August 05, 2011 03:47 PM

    Originally posted by: SystemAdmin


    It should also be mentioned that I am able to run kinit myself and obtain a ticket:

    root@server-name# kinit
    Password for host/server-name.domain.com@MYREALM.COM
    root@server-name# klist
    Ticket cache: FILE:/var/krb5/security/creds/krb5cc_0
    Default principal: host/server-name.domain.com@MYREALM.COM

    Valid starting Expires Service principal
    08/05/11 15:41:57 08/06/11 01:42:03 krbtgt/MYREALM@MYREALM.COM
    Renew until 08/06/11 15:41:57
    #AIX-Forum