Comments on: Setting up OpenLDAP+Kerberos on Ubuntu 10.04 Alpha 2 (Lucid), part 4 http://www.opinsys.fi/en/setting-up-openldap-kerberos-on-ubuntu-10-04-lucid Supporting learning in schools with Linux Mon, 19 Jul 2010 06:55:08 +0000 hourly 1 By: Diego Lima http://www.opinsys.fi/en/setting-up-openldap-kerberos-on-ubuntu-10-04-lucid#comment-246 Diego Lima Wed, 02 Jun 2010 19:20:32 +0000 http://www.opinsys.fi/?p=871#comment-246 @Tom What did you change to fix the stash problem? I tried to comment out the kdc.conf variable as suggested but the problem persists. @Tom

What did you change to fix the stash problem? I tried to comment out the kdc.conf variable as suggested but the problem persists.

]]> By: Diego Lima http://www.opinsys.fi/en/setting-up-openldap-kerberos-on-ubuntu-10-04-lucid#comment-245 Diego Lima Tue, 01 Jun 2010 20:41:56 +0000 http://www.opinsys.fi/?p=871#comment-245 Thanks a LOT for your guide! I'm currently installing an environment similar to yours and I'm not finished, but your site gave me some invaluable hints :) Thanks a LOT for your guide! I’m currently installing an environment similar to yours and I’m not finished, but your site gave me some invaluable hints :)

]]> By: Tom http://www.opinsys.fi/en/setting-up-openldap-kerberos-on-ubuntu-10-04-lucid#comment-244 Tom Tue, 01 Jun 2010 11:35:33 +0000 http://www.opinsys.fi/?p=871#comment-244 The problem is now resolved. The keystash variable in /etc/krb5kdc/kdc.conf pointed to the wrong file and we commented it out, which fixed the problem. Also you need to add the closing quotes to your kadmin.local line in the turorial. cheers The problem is now resolved.
The keystash variable in /etc/krb5kdc/kdc.conf pointed to the wrong file and we commented it out, which fixed the problem. Also you need to add the closing quotes to your kadmin.local line in the turorial.

cheers

]]> By: Tom http://www.opinsys.fi/en/setting-up-openldap-kerberos-on-ubuntu-10-04-lucid#comment-243 Tom Tue, 01 Jun 2010 11:21:12 +0000 http://www.opinsys.fi/?p=871#comment-243 The error was that wen didn't put our netadmin user in the dbmodules, it was still admin there. Now it says that it cannot fetch the master key (no such file or directory). The error was that wen didn’t put our netadmin user in the dbmodules, it was still admin there.

Now it says that it cannot fetch the master key (no such file or directory).

]]> By: Tom http://www.opinsys.fi/en/setting-up-openldap-kerberos-on-ubuntu-10-04-lucid#comment-242 Tom Tue, 01 Jun 2010 10:49:02 +0000 http://www.opinsys.fi/?p=871#comment-242 Hi, great tutorial, really helped us start up! Still we encounter an error when we try to add a principal with the line: "sudo kadmin.local -q addprinc netadmin/netadmin@BIGSISTER.COM" The error is: root ~ # kadmin.local -q addprinc netadmin/netadmin@BIGSISTER.COM Authenticating as principal root/admin@BIGSISTER.COM with password. kadmin.local: Error reading password from stash: Bind DN entry missing in stash file while initializing kadmin.local interface Any idea where this might come from? It tries to authenticate as root, and there is no line for root in krb5.secrets only one for netadmin,.. maybe this is the error, but then again it should be possible to just sudo kadmin.local? We sticked to the tutorial thus no root user was added to the secrets. Thanks in advance, cheers Hi,

great tutorial, really helped us start up! Still we encounter an error when we try to add a principal with the line:
“sudo kadmin.local -q addprinc netadmin/netadmin@BIGSISTER.COM”
The error is:
root ~ # kadmin.local -q addprinc netadmin/netadmin@BIGSISTER.COM
Authenticating as principal root/admin@BIGSISTER.COM with password.
kadmin.local: Error reading password from stash: Bind DN entry missing in stash file while initializing kadmin.local interface

Any idea where this might come from? It tries to authenticate as root, and there is no line for root in krb5.secrets only one for netadmin,.. maybe this is the error, but then again it should be possible to just sudo kadmin.local? We sticked to the tutorial thus no root user was added to the secrets.

Thanks in advance,
cheers

]]> By: Veli-Matti Lintu http://www.opinsys.fi/en/setting-up-openldap-kerberos-on-ubuntu-10-04-lucid#comment-241 Veli-Matti Lintu Fri, 09 Apr 2010 15:59:58 +0000 http://www.opinsys.fi/?p=871#comment-241 Note that if you are doing a setup just by following the examples blindly, the kerberos attributes are not secured by the acls.dif in the first part of the series. The attributes need to be secured according to your needs and it's probably a good idea to also create a separate user that is the only one with access to the kerberos data. I hope to write more about this in the future. - Veli-Matti Note that if you are doing a setup just by following the examples blindly, the kerberos attributes are not secured by the acls.dif in the first part of the series. The attributes need to be secured according to your needs and it’s probably a good idea to also create a separate user that is the only one with access to the kerberos data. I hope to write more about this in the future.

- Veli-Matti

]]>