Rhyous

May 7, 2010

Connecting to Active Directory with Kerberos on FreeBSD

Filed under: FreeBSD — J. Abram Barneck @ 3:06 pm

So, I am trying to get Active Directory integration with FreeBSD and I have been researching this for a while as I have stated.
http://rhyous.com/2010/01/13/researching-the-process-for-integrating-freebsd-with-active-directory

I don’t have it all integrated yet. I keep running into roadblocks.

First, I want to be able to do integration with Kerberos alone.

One part that is really easy is connecting to Active Directory with Kerberos.

Step 1 – Collect Active Directory information.

Active Directory Domain: LD.LAB
AD Domain Controller: vmdc.ld.lab
Domain Admin user name: administrator
Domain Admin password: pw

Step 2 – Create the /etc/krb5.conf

Here is mine. Supposedly this is case sensitive, so make sure to match the case.

[libdefaults]
  clockskew = 300
  default_realm = LD.LAB

[realms]
  LD.LAB = {
    kdc = vmdc.ld.lab
    default_domain = LD.LAB
    kpasswd_server = vmdc.ld.lab
  }

[domain_realm]
  .LD.LAB = LD.LAB

Step 3 – Acquiring a ticket

  1. Use kinit and a domain user and password to acquire a ticket.
     # kinit administrator
     Enter the password when prompted.
  2. Use klist to list the Kerberos tickets.
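
A consistency check for the file from Step 2, worth running before kinit in Step 3. This is an added example, not code from the original post; the helper names check_krb5_conf and sample_conf are made up here, and the upper-case check assumes the Active Directory convention that the realm is the DNS domain name in upper case.

```shell
#!/bin/sh
# Added example (not from the original post): lint a krb5.conf before kinit.
# check_krb5_conf and sample_conf are hypothetical helper names.
check_krb5_conf() {   # reads the file named in $1, or stdin if no argument
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*([#;]|$)/ { next }                              # comments, blank lines
    /^[ \t]*\[/ { sec = trim($0); sub(/^\[/, "", sec); sub(/\].*$/, "", sec); next }
    sec == "libdefaults" && /^[ \t]*default_realm[ \t]*=/ {
        split($0, kv, "="); def = trim(kv[2]); next }
    sec == "realms" && /=[ \t]*[{]/ {                       # "REALM = {" opens a realm
        split($0, kv, "="); cur = trim(kv[1]); realm[cur] = 1; next }
    sec == "realms" && /^[ \t]*[}]/ { cur = ""; next }
    sec == "realms" && cur != "" && /^[ \t]*kdc[ \t]*=/ { haskdc[cur] = 1; next }
    sec == "domain_realm" && /=/ {
        split($0, kv, "="); map[trim(kv[1])] = trim(kv[2]); next }
    END {
        if (def == "") { print "ERROR: no default_realm in [libdefaults]"; bad = 1 }
        else {
            # AD realm names are upper case, and realm names are case sensitive
            if (def != toupper(def)) { print "ERROR: default_realm " def " is not upper case"; bad = 1 }
            if (!(def in realm)) { print "ERROR: default_realm " def " has no [realms] entry"; bad = 1 }
        }
        for (r in realm) if (!(r in haskdc)) { print "ERROR: realm " r " has no kdc"; bad = 1 }
        for (d in map) if (!(map[d] in realm)) {
            print "ERROR: [domain_realm] " d " maps to undefined realm " map[d]; bad = 1 }
        exit bad + 0
    }' "$@"
}

sample_conf() {       # the krb5.conf from Step 2 of this post
    cat <<'EOF'
[libdefaults]
  clockskew = 300
  default_realm = LD.LAB

[realms]
  LD.LAB = {
    kdc = vmdc.ld.lab
    default_domain = LD.LAB
    kpasswd_server = vmdc.ld.lab
  }

[domain_realm]
  .LD.LAB = LD.LAB
EOF
}

sample_conf | check_krb5_conf && echo "krb5.conf is internally consistent"
```

On a real system, run it as `check_krb5_conf /etc/krb5.conf`; a non-zero exit status means at least one ERROR line was printed.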

However, once I have this working, I don’t know how to change authentication using nsswitch.conf and /etc/pam.d/sshd or system to make it work.

I assumed I wouldn’t need to change nsswitch.conf and that for Step 4 I would just have to uncomment the pam_krb5.so lines in the /etc/pam.d/sshd and /etc/pam.d/system, but unfortunately, that isn’t enough. Authentication is not working.

I can’t seem to find much documentation on PAM and Kerberos in FreeBSD. I have tried to add “debug” to the lines in the /etc/pam.d/sshd and /etc/pam.d/system, but if that is adding more logging then I am not seeing it.
