ffabreti · August 29, 2015 14:04
diff --git a/Kerberos with MS-AD (authentication and DNS-update b/Kerberos with MS-AD (authentication and DNS-update
 ###################################################
 #configuring authentication of a linux box with Microsoft Active-Directory
 #refer: http://wiki.ubuntu-br.org/AutenticandoAD

 $ apt-get install krb5-config krb5-user

 $ vi /etc/krb5.conf
        [libdefaults]
                default_realm = DOMAIN.BR
                default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
                default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
                preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
                default_keytab_name = /etc/krb5.keytab
        
        # The following krb5.conf variables are only for MIT Kerberos.
                krb4_config = /etc/krb.conf
                krb4_realms = /etc/krb.realms
                kdc_timesync = 1
                ccache_type = 4
                forwardable = true
                proxiable = true
        
        [logging]
                default = FILE:/var/log/krb5.log
        
        [realms]
          DOMAIN.BR = {
                        default_domain = DOMAIN.BR
                }
        
        [domain_realm]
                .domain.br = DOMAIN.BR
        [login]
                krb4_convert = true
                krb4_get_tickets = false
        


 $ ntpdate domain.br

 $ kinit -p  [email protected]

 $ klist

 ###################################################
 #configuring DNS-update
 #refer: http://projects.theforeman.org/issues/1685

 $ ktutil
 ktutil: addent -password -p [email protected] -k 1 -e rc4-hmac
 Password for [email protected]:
 ktutil:  list
        slot KVNO Principal
        ---- ---- ---------------------------------------------------------------------
           1    1                  [email protected]

 ktutil: wkt /etc/krb5.keytab
 ktutil: quit

 $ echo -e 'server mte.br \n update add ametista-sp.mte.br 3600 A 192.168.11.249  \n send' | nsupdate -g
 dns_tkey_buildgssquery failed: ran out of space
 #parece que usuário não tem permissão para fazer o update
	###################################################
	#configuring authentication of a linux box with Microsoft Active-Directory
	#refer: http://wiki.ubuntu-br.org/AutenticandoAD

	$ apt-get install krb5-config krb5-user

	$ vi /etc/krb5.conf
	[libdefaults]
	default_realm = DOMAIN.BR
	default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
	default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
	preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
	default_keytab_name = /etc/krb5.keytab

	# The following krb5.conf variables are only for MIT Kerberos.
	krb4_config = /etc/krb.conf
	krb4_realms = /etc/krb.realms
	kdc_timesync = 1
	ccache_type = 4
	forwardable = true
	proxiable = true

	[logging]
	default = FILE:/var/log/krb5.log

	[realms]
	DOMAIN.BR = {
	default_domain = DOMAIN.BR
	}

	[domain_realm]
	.domain.br = DOMAIN.BR
	[login]
	krb4_convert = true
	krb4_get_tickets = false



	$ ntpdate domain.br

	$ kinit -p [email protected]

	$ klist

	###################################################
	#configuring DNS-update
	#refer: http://projects.theforeman.org/issues/1685

	$ ktutil
	ktutil: addent -password -p [email protected] -k 1 -e rc4-hmac
	Password for [email protected]:
	ktutil: list
	slot KVNO Principal
	---- ---- ---------------------------------------------------------------------
	1 1 [email protected]

	ktutil: wkt /etc/krb5.keytab
	ktutil: quit

	$ echo -e 'server mte.br \n update add ametista-sp.mte.br 3600 A 192.168.11.249 \n send' \| nsupdate -g
	dns_tkey_buildgssquery failed: ran out of space
	#parece que usuário não tem permissão para fazer o update