Gentoo Forums
HELP: Tried everything, can't get Kerberos to work
theosib
Apprentice
Joined: 09 Mar 2004
Posts: 207

Posted: Tue Mar 29, 2011 2:09 am    Post subject: HELP: Tried everything, can't get Kerberos to work

I'm trying to set up Netatalk to use Kerberos authentication directly. I used to have it use PAM, but either Netatalk or PAM is buggy, because apparently, I'm not the only person having intermittent authentication problems with Netatalk (e.g. http://ubuntuforums.org/showthread.php?p=10607637#post10607637).

So, I started trying to use this guide to set up Kerberos:
http://en.gentoo-wiki.com/wiki/Kerberos_Authentication

When that didn't work, I found this:
http://deepport.net/archives/setting-up-a-linux-server-for-os-x-clients/#kerberos
and set up just the Kerberos and Netatalk parts. That didn't work either.

Then someone kindly gave me these instructions:
http://www.osnews.com/permalink?468106

But those don't work either. No matter what I do, I can't authenticate at all. I'm told that the name and/or password is invalid.

I'm usually not this thick. I have followed instructions faithfully. Now, it may be that I've left something broken from some other steps, because probably one of those guides is just wrong, or I screwed up. But I have no idea where to begin.

Can someone please help?

Thanks!

theosib
Apprentice
Joined: 09 Mar 2004
Posts: 207

Posted: Tue Mar 29, 2011 2:57 pm    Post subject: Diagnostics?

Can anyone perhaps suggest some diagnostics so we can tell what is and what is not working? Tests?

MassimoM
n00b
Joined: 03 May 2008
Posts: 14
Location: Italy

Posted: Tue Mar 29, 2011 4:26 pm    Post subject:

[PREMISE] I don't know anything about Netatalk or any other Apple-related technology, but I've set up a working Kerberos system for authenticating WinXP and Ubuntu clients at logon, and accessing Samba servers, NFS servers and Squid proxy "passwordless" with Kerberos tickets.[/PREMISE]

You can attach all of the logs that you have about the KDC and server daemon and client program.
Set them to log verbosely.
That's the minimum required to try to understand the problem.

theosib
Apprentice
Joined: 09 Mar 2004
Posts: 207

Posted: Tue Mar 29, 2011 4:47 pm    Post subject: How to enable logging?

I've googled around to find out how to enable logging, but the commands I find seem to refer to executables that don't exist. Hint, please?

Thanks.

MassimoM
n00b
Joined: 03 May 2008
Posts: 14
Location: Italy

Posted: Tue Mar 29, 2011 4:54 pm    Post subject:

In "man krb5.conf" there's a section about logging.
Log lines from the KDC are very important; those from the kadmin server are somewhat less important (it's "only" used to create user accounts / change passwords remotely).
Default logging refers to logs from processes that are using Kerberos as a client or Kerberized service provider, so it's important.
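
An added example, not part of the post above or of any project's code: a small Python check that reads the `[logging]` section of a krb5.conf and reports which of the three entries the post names (`kdc`, `admin_server`, `default`) have no destination or a malformed one. It assumes MIT Kerberos syntax (Heimdal's differs); the function names and the sample configuration are constructed for illustration.

```python
import re

# Destination forms accepted in an MIT krb5 [logging] entry.
DEST = re.compile(
    r"^(FILE[:=].+|STDERR|CONSOLE|DEVICE=.+|SYSLOG(:[A-Za-z0-9_]+){0,2})$")
ENTITIES = ("kdc", "admin_server", "default")

def logging_entries(conf_text):
    """Return {entity: [destinations]} from the [logging] section."""
    entries = {name: [] for name in ENTITIES}
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and "]" in line:  # section header
            section = line[1:line.index("]")].strip().lower()
            continue
        if section != "logging" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in entries:
            entries[key].append(value)            # a key may be repeated
    return entries

def audit(conf_text):
    """List problems: entities with no destination, or a malformed one."""
    problems = []
    for name, dests in logging_entries(conf_text).items():
        if not dests:
            problems.append(f"{name}: no log destination configured")
        problems += [f"{name}: unrecognised destination {d!r}"
                     for d in dests if not DEST.match(d)]
    return problems

# Constructed sample, not taken from the thread.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM

[logging]
    kdc = FILE:/var/log/krb5kdc.log
    kdc = SYSLOG:INFO:DAEMON
    admin_server = FILE /var/log/kadmin.log
"""

if __name__ == "__main__":
    for problem in audit(SAMPLE):
        print(problem)
```

After editing `[logging]`, restart the KDC and kadmin daemons so they pick up the new destinations.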

theosib
Apprentice
Joined: 09 Mar 2004
Posts: 207

Posted: Tue Mar 29, 2011 6:54 pm    Post subject: Giving up

I've decided that this just isn't worth my time to fool with. If it's going to be this hard, my time is better spent elsewhere.

It WOULD be worth my time if this were suitable for Time Machine backups, but since Netatalk doesn't support Replay Cache functionality, then putting a Mac to sleep during a backup causes the Mac to lock up. This is a MacOS bug, of course, but Time Machine is the main reason anyone would want to use Netatalk anyhow.

So, between the lockups and the fact that Netatalk doesn't get along with PAM properly, I think I'm just going to put it aside and come back in a few years when these problems are fixed.

Anyhow, thanks for the help.

MassimoM
n00b
Joined: 03 May 2008
Posts: 14
Location: Italy

Posted: Tue Mar 29, 2011 7:22 pm    Post subject:

If you were simply trying to back up your Mac to your Unix box at your home, I think that you weren't on the right road. Kerberos is a complex system, worth the effort for a reasonably sized network. There are surely some other simpler password-based authentication schemes available.
Maybe using NFS?
Or if you want to pre-allocate some space for Time Machine you can consider exporting a block device, with iSCSI or with ATA over Ethernet (really easy to set up! but no authentication). (hypothesis created without MacOS knowledge, except that it is Unix-based)