Kerberos SASL GSSAPI ssh error


Hello,

I am having some trouble with the FDS PAM PTA. I am trying to authenticate against AD.

I was trying to verify the password authentication to AD. The only time it does is kinit <ad user>. To test this, I was trying to set up ssh on a client box and configure it to bind to the FDS directory. Then I tried ssh user@localhost on the client box; it will not accept any password and returns the error below.

debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found
debug1: Next authentication method: publickey

Here are my questions.

1. Do I have to make any changes in ldap.conf file like below entries?
# RFC 2307 (AD) mappings
# pam_login_attribute uid (enable)
# pam_lookup_policy (enable)
# pam_password crypt (enable)
# pam_password ad (update ad passwd from unix)


2. Edit the following files for Kerberos. I was trying to follow this link for documentation.
     http://aput.net/~jheiss/krbldap/howto.html

3.  Edit /etc/pam.d/system-auth and ldapserver.

4. Do I need to have CA cert installed on Admin and Directory servers for ssh? I mean, I do not have any certificates installed to 389-ds currently.

Are there any other steps missing here?

Thanks,
Prashanth
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
