search for: kadm5

...w: compat hosts: files dns wins networks: files dns protocols: db files services: db files ethers: db files rpc: db files kdc.conf [kdcdefaults] kdc_ports = 88,750 [realms] EXAMPLE.COM = { database_name = /etc/krb5kdc/principal admin_keytab = /etc/krb5kdc/kadm5.keytab acl_file = /etc/krb5kdc/kadm5.acl dict_file = /etc/krb5kdc/kadm5.dict key_stash_file = /etc/krb5kdc/.k5.EXAMPLE.COM kadmind_port = 749 max_life = 10h 0m 0s max_renewable_life = 7d 0h 0m 0s master_key_type = des3-hmac-sha1 suppor...

...:27 01/13/05 10:01:16 krbtgt/ADMIN.SJC@ADMIN.SJC renew until 01/14/05 00:00:27 01/13/05 00:01:59 01/13/05 10:01:16 sun$@ADMIN.SJC renew until 01/14/05 00:00:27 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Did net ads join -U administrator@ADMIN.SJC kadm5.acl */administartor@ADMIN.SJC * Does this ticket look ok? the krbtgt record looks a little odd to me. I figure I should get ADMIN/chris, and I cannot see any entries for STAFF realm left over. I kdestroyed the ticket and recreated it, but no luck kdc.conf [kdcdefaults] kdc_ports = 88...

...00:27 01/13/05 10:01:16 krbtgt/ADMIN.SJC@ADMIN.SJC renew until 01/14/05 00:00:27 01/13/05 00:01:59 01/13/05 10:01:16 sun$@ADMIN.SJC renew until 01/14/05 00:00:27 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Did net ads join -U administrator@ADMIN.SJC kadm5.acl */administartor@ADMIN.SJC * Does this ticket look ok? the krbtgt record looks a little odd to me. I figure I should get ADMIN/chris, and I cannot see any entries for STAFF realm left over. I kdestroyed the ticket and recreated it, but no luck kdc.conf [kdcdefaults] kdc_ports = 88...

...permissive and that's why it never complained. Here are the contexts *after* running /sbin/fixfiles -R krb5-server restore # ls -AlZ /var/kerberos/krb5kdc/ -rw------- root root system_u:object_r:krb5kdc_conf_t .k5.BEAV.VIRTUALXISTENZ.COM -rw-r--r-- root root system_u:object_r:krb5kdc_conf_t kadm5.acl -rw------- root root system_u:object_r:krb5kdc_conf_t kadm5.keytab -rw-r--r-- root root system_u:object_r:krb5kdc_conf_t kdc.conf -rw------- root root system_u:object_r:krb5kdc_principal_t principal -rw------- root root system_u:object_r:krb5kdc_principal_t principal.kadm5 -rw------- root...

...path = /var/lib/samba/sysvol read only = No Here's my 'kdc.conf' adam at sogo:~$ sudo cat /etc/krb5kdc/kdc.conf [kdcdefaults] kdc_ports = 750,88 [realms] SMBDOMAIN.COM = { database_name = /var/lib/krb5kdc/principal admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab acl_file = /etc/krb5kdc/kadm5.acl key_stash_file = /etc/krb5kdc/stash kdc_ports = 750,88 max_life = 10h 0m 0s max_renewable_life = 7d 0h 0m 0s master_key_type = des3-hmac-sha1 supported_enctypes = aes256-cts:normal arcfour-hmac:n...

...- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - kdc.conf [kdcdefaults] kdc_ports = 88,750 [reamls] MYDOMAIN.COM = { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s default_principal_flags = +preauth }

...4: Test your server setup). (Succeeded in other steps.... Including step 5) Only local users in the samba server can access the share folder. (Please refer to the smb.conf listed below...) And "#kadmin -p administrator" fails with the error message: "kadmin: Database error! Requeired KADM5 principal missing while initializing kadm in interface" My configurations are as followed: Kernel : Linux 2.4.18 Krb5-devel & krb5-lib & krb5-workstation : 1.2.4-1 Openldap-devel : 2.0.23-4 /usr/local/samba/lib/smb.conf -- [home] comment = root directory path = /home writeabl...

...2 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "@(#)kdc.conf 1.2 02/02/14 SMI" [kdcdefaults] kdc_ports = 88,750 [realms] ___default_realm___ = { profile = /etc/krb5/krb5.conf database_name = /var/krb5/principal admin_keytab = /etc/krb5/kadm5.keytab acl_file = /etc/krb5/kadm5.acl kadmind_port = 749 max_life = 8h 0m 0s max_renewable_life = 7d 0h 0m 0s default_principal_flags = +preauth } # #pragma ident "@(#)krb5.conf 1.2 99/07/20 SMI" # Copyright (c) 1999, by Sun Microsystems, Inc. # All rights reserved. # # krb...

...rver = dcserver.xxx.yyy:749 } [domain_realm] .xxx.yyy = XXX.YYY xxx.yyy = XXX.YYY /var/kerberos/krb5kdc/kdc.conf : -------------------------------- [kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88 [realms] XXX.YYY= { #master_key_type = aes256-cts acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal } Then : ------ # kinit administrateur...

...FMC.DS.AF.MIL [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false ***************************** kdc.conf ********* [kdcdefaults] acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab v4_mode = nopreauth [realms] USAF.AFMC.DS.AF.MIL = { master_key_type = des-cbc-crc supported_enctypes = des3-cbc-sha1:normal des3-cbc-sha1:norealm des3-cbc-sha1:onlyrealm des-cbc-crc:v4 des-cbc-crc:afs3...

...>> /var/kerberos/krb5kdc/kdc.conf : >> -------------------------------- >> [kdcdefaults] >> kdc_ports = 88 >> kdc_tcp_ports = 88 >> >> [realms] >> XXX.YYY= { >> #master_key_type = aes256-cts >> acl_file = /var/kerberos/krb5kdc/kadm5.acl >> dict_file = /usr/share/dict/words >> admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab >> supported_enctypes = aes256-cts:normal aes128-cts:normal >> des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal >> des-cbc-md5:normal des-cbc-crc:normal...

...; adam at sogo:~$ sudo cat /etc/krb5kdc/kdc.conf >>> [kdcdefaults] >>> kdc_ports = 750,88 >>> >>> [realms] >>> SMBDOMAIN.COM = { >>> database_name = /var/lib/krb5kdc/principal >>> admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab >>> acl_file = /etc/krb5kdc/kadm5.acl >>> key_stash_file = /etc/krb5kdc/stash >>> kdc_ports = 750,88 >>> max_life = 10h 0m 0s >>> max_renewable_life = 7d 0h 0m 0s >>> master_key_type = des3-...

...[kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } [root@desarrollo ~]# cat /var/kerberos/krb5kdc/kdc.conf [kdcdefaults] acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab v4_mode = nopreauth [realms] OUR.DOMAIN.COM = { master_key_type = des-cbc-crc supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal de...

...USA. + *) + +open Sysprep_operation +open Sysprep_gettext.Gettext + +module StringSet = Set.Make (String) +module G = Guestfs + +let kerberos_data_perform g root = + let typ = g#inspect_get_type root in + if typ <> "windows" then ( + let excepts = [ "/var/kerberos/krb5kdc/kadm5.acl"; + "/var/kerberos/krb5kdc/kdc.conf"; ] in + let paths = Array.to_list (g#glob_expand "/var/kerberos/krb5kdc/*") in + let set = List.fold_right StringSet.add paths StringSet.empty in + let excepts = List.fold_right StringSet.add excepts Strin...

...in.suffix:749 default_domain = domain.suffix } kdc.conf is: [kdcdefaults] kdc_ports 750,88 [realms] domain.suffix = { database_name = /usr/local/samba/private/principal admin_keytab = FILE:/usr/local/samba/private/.keytab acl_file = /etc/krb5kdc/kadm5.acl keys_stash_file = /etc/krb5kdc/stash kdc_ports = 750,88 max_life = 9107d 5h 0m 0s max_renewable_life = 9300d 0h 0m 0s master_key_type = des3-hmac-sha1 supported_enctypes = aes256-cts:normal arcfour-hmac:normal des3-hmac-sha 1:normal des-cbc...

...'VSOFS1.COM\domuser' 'VSOFS1.COM\domadmin' 'VSOFS1.COM\domguest' [root@sofsedutsm ~]# cat /var/kerberos/krb5kdc/kdc.conf [kdcdefaults] v4_mode = nopreauth kdc_tcp_ports = 88 [realms] SONAS.COM = { #master_key_type = des3-hmac-sha1 acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3 } [root@sofsedun3 ~]# cat /etc/krb5.conf [loggi...

...nd done. net join, net testjoin, kinit does work. My problem at the moment is the kadmin command for add and export the upn. I get always the following errors. ---- kadmin -k Authenticating as principal host/wg-centos-fds1.xxx.xxx@XXX.XXX with default keytab. kadmin: Database error! Required KADM5 principal missing while initializing kadmin interface ---- My main question is it possible to use kadmin to add/modify/export upn/spn in a Active Directory? Are there other linux tools to do that? thanks for any help best regards seppel

...rity/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_mkhomedir.so skel=etc/skel umask=0027 seesion optional /lib/security/$ISA/pam_krb5.so *******kdc.conf************ [kdcdefaults] acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab v4_mode = nopreauth [realms] AVISION.COM.CN = { master_key_type = des-cbc-crc supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:norma...

...in: Client not found in Kerberos database while initializing kadmin interface ----- Output of kadmin -p ADMINISTRATOR@3KINGSINC.LOCAL: Authenticating as principal ADMINISTRATOR@3KINGSINC.LOCAL with password. Password for ADMINISTRATOR@3KINGSINC.LOCAL:<passwd> kadmin: Database error! Required KADM5 principal missing while initializing kadmin interface ----- Output of smbclient -L license -U Administrator Password:<passwd> Sharename Type Comment --------- ---- ------- E$ Disk Default share IPC$ IPC Re...

...le G = Guestfs > > -let kerberos_data_perform g root side_effects = > +let kerberos_data_perform (g : Guestfs.guestfs) root side_effects = > let typ = g#inspect_get_type root in > if typ <> "windows" then ( > let excepts = [ "/var/kerberos/krb5kdc/kadm5.acl"; > diff --git a/sysprep/sysprep_operation_logfiles.ml b/sysprep/sysprep_operation_logfiles.ml > index 7b81959..0a9e054 100644 > --- a/sysprep/sysprep_operation_logfiles.ml > +++ b/sysprep/sysprep_operation_logfiles.ml > @@ -132,7 +132,7 @@ let globs = List.sort compare [ &g...