Gentoo Forums
[apache] Kerberos authentication in apache
256JMaN
n00b
Joined: 20 May 2006
Posts: 37

Posted: Mon May 07, 2012 9:13 am    Post subject: [apache] Kerberos authentication in apache

Hello,

My problem is not on a Gentoo server, but I can't get an answer anywhere, so I'm trying my luck here :-)

I have to integrate a BackupPC server, running Debian 6.0.4, into an Active Directory domain so that users can manage their backups themselves.
The domain controller is a Windows Server 2003 R2.

Here are the files I modified on my backuppc server:
My domain is domaine.local
My domain controller is called dc
My backuppc server is called backuppc

/etc/krb5.conf
Quote:
[libdefaults]
default_realm = DOMAINE.LOCAL
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true


[realms]
DOMAINE.LOCAL = {
kdc = dc.domaine.local
master_kdc = dc.domaine.local
admin_server = dc.domaine.local
default_domain = domaine.local
}


[domain_realm]
.domaine.local = DOMAINE.LOCAL
domaine.local = DOMAINE.LOCAL

[login]
krb4_convert = true
krb4_get_tickets = false


/etc/samba/smb.conf
Quote:
[global]
workgroup = DOMAINE
netbios name = BACKUPPC
realm = DOMAINE.LOCAL
server string = %h server
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = ADS
keytab method = dedicated keytab
dedicated keytab file = /etc/krb.keytab
encrypt passwords = true
password server = DC.domaine.local
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes


cat /etc/hosts
Quote:
127.0.0.1 localhost
127.0.1.1 BACKUPPC.DOMAINE.LOCAL BACKUPPC
192.168.130.9 DC.DOMAINE.LOCAL DC

/etc/apache2/conf.d/backuppc.conf
Quote:
Alias /backuppc /usr/share/backuppc/cgi-bin/

<Directory /usr/share/backuppc/cgi-bin/>
AllowOverride None
Allow from all

# Uncomment the line below to ensure that nobody can sniff important
# info from network traffic during editing of the BackupPC config or
# when browsing/restoring backups.
# Requires that you have your webserver set up for SSL (https) access.
#SSLRequireSSL

Options ExecCGI FollowSymlinks
AddHandler cgi-script .cgi
DirectoryIndex index.cgi

AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealms DOMAINE.LOCAL
Krb5Keytab /etc/krb5.keytab
KrbMethodNegotiate On
KrbMethodK5Passwd Off
Krb5KeyTab /etc/krb5.keytab

# AuthGroupFile /etc/backuppc/htgroup
# AuthUserFile /etc/backuppc/htpasswd
# AuthType basic
# AuthName "BackupPC admin"
require valid-user

I created a security group in the forest for administration, which I entered in the backuppc config, and added my users to it.
I can obtain tokens with the kinit command, and I managed to join the server to the forest, but authentication in apache does not work and leaves this message in the error logs:

Quote:
[Fri May 04 12:10:36 2012] [error] [client 192.168.130.9] gss_acquire_cred() failed: An invalid name was supplied (, Cannot determine realm for numeric host address)


I have been stuck on this for a week; if anyone has suggestions about what could be blocking it, that would be a huge help! :-)
xaviermiller
Administrator
Joined: 23 Jul 2004
Posts: 7901
Location: ~Brussels - Belgique

Posted: Mon May 07, 2012 9:18 am

http://modauthkerb.sourceforge.net ?
_________________
Kind regards,
Xavier Miller
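
An added example, not written by either poster: a small consistency check over the files quoted in the question, comparing the realm and keytab settings across krb5.conf, smb.conf and the Apache block, and testing for the numeric host named in the error message. The embedded snippets are constructed from the values posted above; the function names and the `server_name` input (the host name clients use to reach the server) are assumptions.

```python
import ipaddress
import re

# Constructed sample input: the relevant lines from the files posted above.
KRB5_CONF = "[libdefaults]\ndefault_realm = DOMAINE.LOCAL\n"
SMB_CONF = "realm = DOMAINE.LOCAL\ndedicated keytab file = /etc/krb.keytab\n"
APACHE_CONF = """KrbAuthRealms DOMAINE.LOCAL
Krb5Keytab /etc/krb5.keytab
KrbMethodNegotiate On
Krb5KeyTab /etc/krb5.keytab
"""

def ini_value(text, key):
    """Return the value of the first 'key = value' line, or None."""
    m = re.search(rf"^\s*{re.escape(key)}\s*=\s*(.+?)\s*$", text, re.M | re.I)
    return m.group(1) if m else None

def apache_values(text, directive):
    """Return every argument given to a directive (names are case-insensitive)."""
    out = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == directive.lower():
            out.append(parts[1].strip())
    return out

def is_numeric_host(name):
    """True when name is an IP literal rather than a DNS host name."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def audit(krb5_conf, smb_conf, apache_conf, server_name):
    """Cross-check the files; server_name is an assumed input (see lead-in)."""
    findings = []
    realms = {ini_value(krb5_conf, "default_realm"), ini_value(smb_conf, "realm"),
              *apache_values(apache_conf, "KrbAuthRealms")}
    if len(realms) != 1:
        findings.append(f"realm mismatch: {sorted(map(str, realms))}")
    keytabs = apache_values(apache_conf, "Krb5Keytab")
    if len(keytabs) > 1:
        findings.append(f"Krb5Keytab set {len(keytabs)} times")
    samba_keytab = ini_value(smb_conf, "dedicated keytab file")
    if samba_keytab and set(keytabs) != {samba_keytab}:
        findings.append(f"keytab paths differ: samba={samba_keytab} apache={sorted(set(keytabs))}")
    if is_numeric_host(server_name):
        findings.append(f"numeric host {server_name!r}: see 'Cannot determine realm for numeric host address'")
    return findings
```

The findings are differences worth reviewing, not a diagnosis: the check only reports where the posted files disagree with each other or with the wording of the logged error.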
All times are GMT