| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
67490
|
Fri May 3 14:41:01 2013 |
 | Stefan Ritt | stefan.ritt@psi.ch | Info | Windows | 2.9.2 | Re: Kerberos on VM server 64bit |
| Hal Proctor wrote: |
|
I have a logbook installed on a Windows 64 bit VM server 2008 R2 and can access it fine using the password file. However when using Kerberos it does not authenticate correctly. I installed Kerberos and pointed it to the realm an domain controller. Using KINIT command line it appears to accept my password. Any help is appriciated. Perhaps some other diagnostics i could try against the kerberos install
Here is global settings:
port = 49212
ssl = 1
url = https://my-elog.domain.com:49212/
Authentication = Kerberos, file
Kerberos Realm = DOMAIN.COM
Admin User = me
Max content length = 10485760
Password file = pw.txt
Allow password change = 1 (perhaps this is an issue???)
Also...when adding users to the logbook, do you leave the password blank if using Kerberos?
|
You can leave the password just blank.
The "Allow password change = 1" does not make any difference. It works here even with this option.
So I have no idea why you have that problem. Does it work on another computer, i.e. is it related to the 64 bit VM machine?
Best regards,
Stefan |
|
67491
|
Fri May 3 19:09:45 2013 |
| Hal Proctor | hproctor2@gmail.com | Info | Windows | 2.9.2 | Re: Kerberos on VM server 64bit |
| Stefan Ritt wrote: |
|
| Hal Proctor wrote: |
|
I have a logbook installed on a Windows 64 bit VM server 2008 R2 and can access it fine using the password file. However when using Kerberos it does not authenticate correctly. I installed Kerberos and pointed it to the realm an domain controller. Using KINIT command line it appears to accept my password. Any help is appriciated. Perhaps some other diagnostics i could try against the kerberos install
Here is global settings:
port = 49212
ssl = 1
url = https://my-elog.domain.com:49212/
Authentication = Kerberos, file
Kerberos Realm = DOMAIN.COM
Admin User = me
Max content length = 10485760
Password file = pw.txt
Allow password change = 1 (perhaps this is an issue???)
Also...when adding users to the logbook, do you leave the password blank if using Kerberos?
|
You can leave the password just blank.
The "Allow password change = 1" does not make any difference. It works here even with this option.
So I have no idea why you have that problem. Does it work on another computer, i.e. is it related to the 64 bit VM machine?
Best regards,
Stefan
|
The kerberos install, installed the Network Identity Manager and placed krb5 config in my windows directory. Can a server run lsass.exe only? or does the krb5 config file and Network Identity Manager need to be on the server?
|
|
67492
|
Fri May 3 19:27:53 2013 |
| Hal Proctor | hproctor2@gmail.com | Info | Windows | 2.9.2 | Re: Kerberos on VM server 64bit |
| Hal Proctor wrote: |
|
| Stefan Ritt wrote: |
|
| Hal Proctor wrote: |
|
I have a logbook installed on a Windows 64 bit VM server 2008 R2 and can access it fine using the password file. However when using Kerberos it does not authenticate correctly. I installed Kerberos and pointed it to the realm an domain controller. Using KINIT command line it appears to accept my password. Any help is appriciated. Perhaps some other diagnostics i could try against the kerberos install
Here is global settings:
port = 49212
ssl = 1
url = https://my-elog.domain.com:49212/
Authentication = Kerberos, file
Kerberos Realm = DOMAIN.COM
Admin User = me
Max content length = 10485760
Password file = pw.txt
Allow password change = 1 (perhaps this is an issue???)
Also...when adding users to the logbook, do you leave the password blank if using Kerberos?
|
You can leave the password just blank.
The "Allow password change = 1" does not make any difference. It works here even with this option.
So I have no idea why you have that problem. Does it work on another computer, i.e. is it related to the 64 bit VM machine?
Best regards,
Stefan
|
The kerberos install, installed the Network Identity Manager and placed krb5 config in my windows directory. Can a server run lsass.exe only? or does the krb5 config file and Network Identity Manager need to be on the server?
|
Installed both on a Windows 2003 R2 server (32bit) and Kerberos not authenticating, yet gievs me a ticket thru kinit. |
|
67237
|
Wed Apr 11 13:17:48 2012 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | V2.9.1-243 | Re: Kerberos authentication |
| Thomas Kleeb wrote: |
|
Hello to @all
First please let me say that I'm a complete green-horn when it comes to linux 
I'm running elog on a linux virtual server and would like to use kerberos authentication. If I set 'Authentication = Kerberos' in the elogd.cfg file I get,
If I set 'Authentication = Kerberos, File' it works fine. I hope this is just some error on my part.
thanks,
Tom
|
Is Kerberos set up correctly on your PC? What is the Kerberos Realm? Does the command "kinit <your user name>" work correctly? If not, you have to install and configure Kerberos correctly. Make sure to have USE_KRB5 turned on in your Makefile. |
|
67238
|
Wed Apr 11 13:42:29 2012 |
| Thomas Kleeb | thomas.kleeb@psi.ch | Question | Linux | V2.9.1-243 | Re: Kerberos authentication |
| Stefan Ritt wrote: |
|
| Thomas Kleeb wrote: |
|
Hello to @all
First please let me say that I'm a complete green-horn when it comes to linux
I'm running elog on a linux virtual server and would like to use kerberos authentication. If I set 'Authentication = Kerberos' in the elogd.cfg file I get,
If I set 'Authentication = Kerberos, File' it works fine. I hope this is just some error on my part.
thanks,
Tom
|
Is Kerberos set up correctly on your PC? What is the Kerberos Realm? Does the command "kinit <your user name>" work correctly? If not, you have to install and configure Kerberos correctly. Make sure to have USE_KRB5 turned on in your Makefile.
|
Thanks for the quick reply! 
I downloaded and installed the latest RPM. Is Kerberos used in the RPM? The command "kinit xxxxxxx"requests my password and then returns to the prompt. I believe that the virtual server is a normal PSI linux, but I'm not 100% sure  |
|
67239
|
Wed Apr 11 13:51:27 2012 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | V2.9.1-243 | Re: Kerberos authentication |
| Thomas Kleeb wrote: |
|
| Stefan Ritt wrote: |
|
| Thomas Kleeb wrote: |
|
Hello to @all
First please let me say that I'm a complete green-horn when it comes to linux
I'm running elog on a linux virtual server and would like to use kerberos authentication. If I set 'Authentication = Kerberos' in the elogd.cfg file I get,
If I set 'Authentication = Kerberos, File' it works fine. I hope this is just some error on my part.
thanks,
Tom
|
Is Kerberos set up correctly on your PC? What is the Kerberos Realm? Does the command "kinit <your user name>" work correctly? If not, you have to install and configure Kerberos correctly. Make sure to have USE_KRB5 turned on in your Makefile.
|
Thanks for the quick reply!
I downloaded and installed the latest RPM. Is Kerberos used in the RPM? The command "kinit xxxxxxx"requests my password and then returns to the prompt. I believe that the virtual server is a normal PSI linux, but I'm not 100% sure
|
Kerberos is not used in the RPM. You have to compile yourself from the tar ball. |
|
67240
|
Wed Apr 11 14:00:52 2012 |
| Thomas Kleeb | thomas.kleeb@psi.ch | Question | Linux | V2.9.1-243 | Re: Kerberos authentication |
| Stefan Ritt wrote: |
|
| Thomas Kleeb wrote: |
|
| Stefan Ritt wrote: |
|
| Thomas Kleeb wrote: |
|
Hello to @all
First please let me say that I'm a complete green-horn when it comes to linux
I'm running elog on a linux virtual server and would like to use kerberos authentication. If I set 'Authentication = Kerberos' in the elogd.cfg file I get,
If I set 'Authentication = Kerberos, File' it works fine. I hope this is just some error on my part.
thanks,
Tom
|
Is Kerberos set up correctly on your PC? What is the Kerberos Realm? Does the command "kinit <your user name>" work correctly? If not, you have to install and configure Kerberos correctly. Make sure to have USE_KRB5 turned on in your Makefile.
|
Thanks for the quick reply!
I downloaded and installed the latest RPM. Is Kerberos used in the RPM? The command "kinit xxxxxxx"requests my password and then returns to the prompt. I believe that the virtual server is a normal PSI linux, but I'm not 100% sure
|
Kerberos is not used in the RPM. You have to compile yourself from the tar ball.
|
O.K.
Like I said in the beginning, I'm a linux green-horn  How do I stop the elogd daemon, and do I have to delete all the elog files and directories created by the RPM or can I just follow the instructions for the tar file and install / make over the RPM installation? |
|
67241
|
Wed Apr 11 14:04:33 2012 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | V2.9.1-243 | Re: Kerberos authentication |
| Thomas Kleeb wrote: |
|
Like I said in the beginning, I'm a linux green-horn How do I stop the elogd daemon, and do I have to delete all the elog files and directories created by the RPM or can I just follow the instructions for the tar file and install / make over the RPM installation?
|
/etc/rc.d/init.d/elogd stop
Just compile elogd with Kerberos support and copy it over the existing elogd daemon.
|