Search Results :
×sudo apt-get install krb5-user
yum install krb5-workstation krb5-libs krb5-auth-dialog
EXAMPLE.ORG= { kdc = <AD DOMAIN CONTROLLER IP/DNS> :88 }
NOTE: Replace the AD DOMAIN CONTROLLER IP/DNS with your IP/DNS address. Ensure EXAMPLE.ORG should be in upper case.
- Replace the EXAMPLE.ORG with the Active Directory domain name.
- And ensure that the port 88 on the AD Domain Controller is accessible from this server.
sudo apt-get install libapache2-mod-auth-kerb
a2enmod auth_kerb
yum install mod_auth_kerb
ktpass -princ HTTP/<Server Host Name>@EXAMPLE.ORG -pass PASSWORD
-mapuser <svc@EXAMPLE.ORG> -Ptype KRB5_NT_PRINCIPAL -out "<PATH>\spn.keytab"
NOTE: Ensure EXAMPLE.ORG should be in uppercase.
The following are the components of the command.
Server Host Name: | It is the host name of the site hosted on the Server. |
Server Host Name: | It is the host name of the site hosted on the Server. |
EXAMPLE.ORG: | It is the Active Directory Domain Name. |
PASSWORD: | It is the password of the service account used above. |
svc@EXAMPLE.ORG: | It is a service account in Active Directory. |
Path: | Path to a local location which will store the keytab file. |
-Edit the /etc/apache2/sites-enabled/000-default.conf file.
<Directory "/placeholder">
AuthType Kerberos
KrbAuthRealms EXAMPLE.ORG
KrbServiceName HTTP
Krb5Keytab <PATH TO KEYTAB>
KrbMethodNegotiate on
KrbMethodK5Passwd on
require valid-user
</Directory>
-Edit the auth_kerb.conf configuration file in the /etc/httpd/conf.d/ folder.
LoadModule auth_kerb_module /usr/lib/apache2/modules/mod_auth_kerb.so
<Directory "/placeholder">
AuthType Kerberos
KrbAuthRealms EXAMPLE.ORG
KrbServiceName HTTP
Krb5Keytab <PATH TO KEYTAB>
KrbMethodNegotiate on
KrbMethodK5Passwd on
require valid-user
</Directory>
NOTE: Ensure EXAMPLE.ORG should be in upper case.
The following are the components of the above configuration:
EXAMPLE.ORG: | This is the Active Directory domain as configured in krb5.conf. |
PATH TO KEYTAB: | Accessible path to the keytab on this server. |
gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (, Permission denied).
gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (, Key table entry not found).
Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration. gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error)
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ).