Error with Kerberos in Apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Well, i try my first test and work,  if i authentic with Ldap protocols without kerberos work, but i try add kerberos, show erros messages in log. Any idea?

No errors in apachectl configtest


###############################################
cat /etc/krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = REDE.COM.BR
 dns_lookup_realm = false
 dns_lookup_kdc = true
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
 REDE.COM.BR = {
 kdc = REDE.COM.BR
 admin_server = REDE.COM.BR
 }

[domain_realm]
 .rede.com.br=REDE.COM.BR
 rede.com.br=REDE.COM.BR

###############################################

kinit root
Password for root@xxxxxxxxxxx

klist
Ticket cache: KEYRING:persistent:0:0
Default principal: root@xxxxxxxxxxx

Valid starting       Expires              Service principal
05/09/2017 09:45:36  05/09/2017 19:45:36  krbtgt/REDE.COM.BR@xxxxxxxxxxx
renew until 05/16/2017 09:45:34

###############################################
 cat /etc/httpd/conf.d/proxy.conf 
<VirtualHost *:80>
    ProxyPreserveHost Off
    ProxyPass / http://localhost:631/
    ProxyPassReverse / http://localhost:631/


LogLevel debug

<Location />

 AuthType Kerberos
 KrbMethodNegotiate On
 AuthName "REDE.COM.BR Domain Login"
 KrbMethodK5Passwd On
 KrbAuthRealms REDE.COM.BR
 Krb5KeyTab /etc/httpd/conf.d/httpd.keytab
 KrbLocalUserMapping on
 require valid-user

#   AuthName "Informe usuario da rede"
#   AuthType Basic
#   AuthBasicProvider ldap
   AuthLDAPUrl ldap://rede.com.br/ou=usuarios,dc=rede,dc=com,dc=br?sAMAccountName
   AuthLDAPBindDN cn=users,dc=rede,dc=com,dc=br
   AuthLDAPBindPassword XXXXXX
   Require valid-user
   LDAPReferrals Off
   </Location>
#</Directory>

</VirtualHost>


###############################################

[root@delorean1 conf.d]# tail -f /var/log/httpd/error_log
[Mon May 08 17:48:42.320886 2017] [auth_kerb:error] [pid 19879] [client 10.251.14.140:55636] failed to verify krb5 credentials: Server not found in Kerberos database, referer: http://10.1.1.75/
[Mon May 08 17:48:42.320898 2017] [auth_kerb:debug] [pid 19879] src/mod_auth_kerb.c(1127): [client 10.251.14.140:55636] kerb_authenticate_user_krb5pwd ret=401 user=(NULL) authtype=(NULL), referer: http://10.1.1.75/
[Mon May 08 17:48:55.301656 2017] [authz_core:debug] [pid 19881] mod_authz_core.c(809): [client 10.251.14.140:55638] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://10.1.1.75/
[Mon May 08 17:48:55.301702 2017] [authz_core:debug] [pid 19881] mod_authz_core.c(809): [client 10.251.14.140:55638] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://10.1.1.75/
[Mon May 08 17:48:55.301710 2017] [authz_core:debug] [pid 19881] mod_authz_core.c(809): [client 10.251.14.140:55638] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://10.1.1.75/
[Mon May 08 17:48:55.301736 2017] [auth_kerb:debug] [pid 19881] src/mod_auth_kerb.c(1954): [client 10.251.14.140:55638] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos, referer: http://10.1.1.75/
[Mon May 08 17:48:55.302037 2017] [auth_kerb:debug] [pid 19881] src/mod_auth_kerb.c(1048): [client 10.251.14.140:55638] Using HTTP/10.1.1.75@ as server principal for password verification, referer: http://10.1.1.75/
[Mon May 08 17:48:55.302062 2017] [auth_kerb:debug] [pid 19881] src/mod_auth_kerb.c(752): [client 10.251.14.140:55638] Trying to get TGT for user REDE.COM.BRroot@xxxxxxxxxxx, referer: http://10.1.1.75/
[Mon May 08 17:48:55.306313 2017] [auth_kerb:error] [pid 19881] [client 10.251.14.140:55638] krb5_get_init_creds_password() failed: Client not found in Kerberos database, referer: http://10.1.1.75/
[Mon May 08 17:48:55.306348 2017] [auth_kerb:debug] [pid 19881] src/mod_auth_kerb.c(1127): [client 10.251.14.140:55638] kerb_authenticate_user_krb5pwd ret=401 user=(NULL) authtype=(NULL), referer: http://10.1.1.75/
--
<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>

Disse-lhe Jesus: Eu sou o caminho, e a verdade e a vida; ninguém vem ao Pai, senão por mim >
                                                             (João 14:6)

                                                                    Att.
                                        ♪ ♫  Luiz Guilherme Nunes Fernandes  ♫ ♪

<<<<<<<<<<<<<<<<<<<------------------------------------------------------------------->>>>>>>>>>>>>>>>>>>
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux