[xubuntu-users] Kerberos client auth

Lucio Crusca lucio at sulweb.org
Fri Feb 28 08:44:51 UTC 2014 

Hello everybody,

I'm trying to configure a Xubuntu 12.04 client box to authenticate against a 
Zentyal 3.3 server.

Server configuration is ok, because a Windows XP client is already working with 
it, including roaming profiles (that are a whole different problem, I know). 

I've followed the last paragraph ("Kerberos Linux Client") in this guide [1]: 
I successfully obtain a ticket that "klist" shows me, and I've executed 

# auth-client-config -a -p kerberos_example # (see note below)

but the kerberos login does not work:

$ ssh lucio at 192.168.1.126
lucio at 192.168.1.126's password: 
Welcome to Ubuntu 12.04.4 LTS (GNU/Linux 3.2.0-59-generic-pae i686)

 * Documentation:  https://help.ubuntu.com/

Last login: Fri Feb 28 09:23:33 2014 from 192.168.1.253
lucio at ubuntuclient:~$ sudo su
[sudo] password for lucio: 
root at ubuntuclient:/home/lucio# login
ubuntuclient.LUCIODOM.MY.ORG login: kerb.user
Password: 
Warning: Your password will expire in 318 days on lun 12 gen 2015 10:22:46 CET

Login incorrect
ubuntuclient.LUCIODOM.MY.ORG login: 

Please note that I already have another domain controller in this network 
(with a different domain name), so I had to manually set the DNS address in the 
client to make that point to the new server. The client ip address is static 
too, but that has nothing to do with domain controller conflicts, it's only 
handy because those systems are in a remote network and that way it's easier 
to reach the client via ssh. I've manually added the client name and its IP 
address in the Zentyal DNS.

What am I doing wrong?

note: I've issued that exact command regardless of the fact that the 
kerberos_example profile is missing in /etc/auth-client-config/profile.d folder. 
I actually don't understand why that command worked even if the profile is 
missing, but it actually did something (several edits to nsswitch.conf and 
pam.d config files), and it did not raise any errors nor warnings about the 
missing profile...


[1]: https://help.ubuntu.com/12.04/serverguide/kerberos.html

More information about the xubuntu-users mailing list