| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
67492
|
Fri May 3 19:27:53 2013 |
 | Hal Proctor | hproctor2@gmail.com | Info | Windows | 2.9.2 | Re: Kerberos on VM server 64bit |
| Hal Proctor wrote: |
|
| Stefan Ritt wrote: |
|
| Hal Proctor wrote: |
|
I have a logbook installed on a Windows 64 bit VM server 2008 R2 and can access it fine using the password file. However when using Kerberos it does not authenticate correctly. I installed Kerberos and pointed it to the realm an domain controller. Using KINIT command line it appears to accept my password. Any help is appriciated. Perhaps some other diagnostics i could try against the kerberos install
Here is global settings:
port = 49212
ssl = 1
url = https://my-elog.domain.com:49212/
Authentication = Kerberos, file
Kerberos Realm = DOMAIN.COM
Admin User = me
Max content length = 10485760
Password file = pw.txt
Allow password change = 1 (perhaps this is an issue???)
Also...when adding users to the logbook, do you leave the password blank if using Kerberos?
|
You can leave the password just blank.
The "Allow password change = 1" does not make any difference. It works here even with this option.
So I have no idea why you have that problem. Does it work on another computer, i.e. is it related to the 64 bit VM machine?
Best regards,
Stefan
|
The kerberos install, installed the Network Identity Manager and placed krb5 config in my windows directory. Can a server run lsass.exe only? or does the krb5 config file and Network Identity Manager need to be on the server?
|
Installed both on a Windows 2003 R2 server (32bit) and Kerberos not authenticating, yet gievs me a ticket thru kinit. |
|
67237
|
Wed Apr 11 13:17:48 2012 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | V2.9.1-243 | Re: Kerberos authentication |
| Thomas Kleeb wrote: |
|
Hello to @all
First please let me say that I'm a complete green-horn when it comes to linux 
I'm running elog on a linux virtual server and would like to use kerberos authentication. If I set 'Authentication = Kerberos' in the elogd.cfg file I get,
If I set 'Authentication = Kerberos, File' it works fine. I hope this is just some error on my part.
thanks,
Tom
|
Is Kerberos set up correctly on your PC? What is the Kerberos Realm? Does the command "kinit <your user name>" work correctly? If not, you have to install and configure Kerberos correctly. Make sure to have USE_KRB5 turned on in your Makefile. |
|
67238
|
Wed Apr 11 13:42:29 2012 |
| Thomas Kleeb | thomas.kleeb@psi.ch | Question | Linux | V2.9.1-243 | Re: Kerberos authentication |
| Stefan Ritt wrote: |
|
| Thomas Kleeb wrote: |
|
Hello to @all
First please let me say that I'm a complete green-horn when it comes to linux
I'm running elog on a linux virtual server and would like to use kerberos authentication. If I set 'Authentication = Kerberos' in the elogd.cfg file I get,
If I set 'Authentication = Kerberos, File' it works fine. I hope this is just some error on my part.
thanks,
Tom
|
Is Kerberos set up correctly on your PC? What is the Kerberos Realm? Does the command "kinit <your user name>" work correctly? If not, you have to install and configure Kerberos correctly. Make sure to have USE_KRB5 turned on in your Makefile.
|
Thanks for the quick reply! 
I downloaded and installed the latest RPM. Is Kerberos used in the RPM? The command "kinit xxxxxxx"requests my password and then returns to the prompt. I believe that the virtual server is a normal PSI linux, but I'm not 100% sure  |
|
67239
|
Wed Apr 11 13:51:27 2012 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | V2.9.1-243 | Re: Kerberos authentication |
| Thomas Kleeb wrote: |
|
| Stefan Ritt wrote: |
|
| Thomas Kleeb wrote: |
|
Hello to @all
First please let me say that I'm a complete green-horn when it comes to linux
I'm running elog on a linux virtual server and would like to use kerberos authentication. If I set 'Authentication = Kerberos' in the elogd.cfg file I get,
If I set 'Authentication = Kerberos, File' it works fine. I hope this is just some error on my part.
thanks,
Tom
|
Is Kerberos set up correctly on your PC? What is the Kerberos Realm? Does the command "kinit <your user name>" work correctly? If not, you have to install and configure Kerberos correctly. Make sure to have USE_KRB5 turned on in your Makefile.
|
Thanks for the quick reply!
I downloaded and installed the latest RPM. Is Kerberos used in the RPM? The command "kinit xxxxxxx"requests my password and then returns to the prompt. I believe that the virtual server is a normal PSI linux, but I'm not 100% sure
|
Kerberos is not used in the RPM. You have to compile yourself from the tar ball. |
|
67240
|
Wed Apr 11 14:00:52 2012 |
| Thomas Kleeb | thomas.kleeb@psi.ch | Question | Linux | V2.9.1-243 | Re: Kerberos authentication |
| Stefan Ritt wrote: |
|
| Thomas Kleeb wrote: |
|
| Stefan Ritt wrote: |
|
| Thomas Kleeb wrote: |
|
Hello to @all
First please let me say that I'm a complete green-horn when it comes to linux
I'm running elog on a linux virtual server and would like to use kerberos authentication. If I set 'Authentication = Kerberos' in the elogd.cfg file I get,
If I set 'Authentication = Kerberos, File' it works fine. I hope this is just some error on my part.
thanks,
Tom
|
Is Kerberos set up correctly on your PC? What is the Kerberos Realm? Does the command "kinit <your user name>" work correctly? If not, you have to install and configure Kerberos correctly. Make sure to have USE_KRB5 turned on in your Makefile.
|
Thanks for the quick reply!
I downloaded and installed the latest RPM. Is Kerberos used in the RPM? The command "kinit xxxxxxx"requests my password and then returns to the prompt. I believe that the virtual server is a normal PSI linux, but I'm not 100% sure
|
Kerberos is not used in the RPM. You have to compile yourself from the tar ball.
|
O.K.
Like I said in the beginning, I'm a linux green-horn  How do I stop the elogd daemon, and do I have to delete all the elog files and directories created by the RPM or can I just follow the instructions for the tar file and install / make over the RPM installation? |
|
67241
|
Wed Apr 11 14:04:33 2012 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | V2.9.1-243 | Re: Kerberos authentication |
| Thomas Kleeb wrote: |
|
Like I said in the beginning, I'm a linux green-horn How do I stop the elogd daemon, and do I have to delete all the elog files and directories created by the RPM or can I just follow the instructions for the tar file and install / make over the RPM installation?
|
/etc/rc.d/init.d/elogd stop
Just compile elogd with Kerberos support and copy it over the existing elogd daemon.
|
|
67242
|
Wed Apr 11 14:36:43 2012 |
| Thomas Kleeb | thomas.kleeb@psi.ch | Question | Linux | V2.9.1-243 | Re: Kerberos authentication |
| Stefan Ritt wrote: |
|
| Thomas Kleeb wrote: |
|
Like I said in the beginning, I'm a linux green-horn How do I stop the elogd daemon, and do I have to delete all the elog files and directories created by the RPM or can I just follow the instructions for the tar file and install / make over the RPM installation?
|
/etc/rc.d/init.d/elogd stop
Just compile elogd with Kerberos support and copy it over the existing elogd daemon.
|
I think it's working now !!!!
Thanks
Tom |
|
67764
|
Mon Jan 26 15:04:38 2015 |
| Andreas Luedeke | andreas.luedeke@psi.ch | Question | Linux | 3.0.0 | Re: Kerberos auth not available on 3.0 ? |
Hi Maikolk,
I have elogd 3.0 running with kerberos: I had no problems with that.
Maybe you forgot to change the Makefile before compiling?
Uncomment line 28 to:
# flag for Kerberos support, please turn on if you need Kerberos
USE_KRB5 = 1
and then "make clean" and "make install" (or "make update").
Regards, Andreas
| Maikolk Kein wrote: |
|
Hi all !!!
i have just updated and 2.9.2-1 elog instance, and i have problems with the kerberos configuration.
I was surprised to see on the logs, that the 3.0 daemon was refusing to start because the system
config has kerberos listed as an authentication method. I saw on the logs that the current daemon
didnt have kerberos support compiled in.
Ive seen that there is ldap support, but couldnt find anything about configuring this auth sytem, does
amnyone have any example i could check ?
Did i have to use a patched version ? or compile it on my own ?
Regards
|
|