• krbPrincipalName not creating principal in kerberos

    From keerthi krishnan@21:1/5 to All on Wed Feb 2 22:10:01 2022
    Hi Team,

    I have ldap setup and kerberos setup.

    Requirement:

    1. We have a list of users in ironport ldap and want to sync a particular group cn and its password to kerberos, so that both ldap and kerberos will have the same password.
    2. I want to create a user object in ldap with multiple user aliases like uid=alice, krbPrincipalAliases: alice/admin@DOMAIN.COM
    krbPrincipalName: alice/admin@DOMAIN.COM

    Achieved
    1. I have compiled the smbkrb5passwd module to sync the user and its password from ldap to kerberos. Here uid is created as the principal in kerberos.

    Not working.

    I have added user data like this
    ++++
    dn: uid=wilf,ou=people,dc=domain,dc=com
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: krbprincipalaux
    objectClass: krbTicketPolicyAux
    uid: wilf
    cn: wilf/admin
    sn: Fernandz
    loginShell: /bin/bash
    uidNumber: 10003
    gidNumber: 10003
    homeDirectory: /home/wilf
    shadowMax: 60
    shadowMin: 1
    shadowWarning: 7
    shadowInactive: 7
    shadowLastChange: 0
    krbPrincipalAliases: wilf/admin@DOMAINCOM
    krbPrincipalName: wilf/admin@DOMAIN.COM
    ++++

    But in kerberos, the principal is created as wilf@DOMAIN.COM, but krbPrincipalAliases is not created as a principal.

    I even tried creating this user wilf/admin@DOMAINCOM in kerberos manually and tried changing the password for uid wilf, but the alias and uid are not mapped, so it is not updating.

    How can we add multiple principal aliases for the same user object? I don't want to add multiple users and manage them in ldap.

    I am kind of blocked here. Please help me.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From keerthi krishnan@21:1/5 to All on Thu Feb 3 11:28:01 2022
    Hi Team,

    I have ldap setup and kerberos setup.

    Requirement:

    1. We have a list of users in ironport ldap and want to sync a particular group
    cn and its password to kerberos, so that both ldap and kerberos will have the
    same password.
    2. I want to create a user object in ldap with multiple user aliases like uid=alice, krbPrincipalAliases: alice/admin@DOMAIN.COM
    krbPrincipalName: alice/admin@DOMAIN.COM

    Achieved
    1. I have compiled the smbkrb5passwd module to sync the user and its password from
    ldap to kerberos. Here uid is created as the principal in kerberos.

    Not working.

    I have added user data like this
    ++++
    dn: uid=wilf,ou=people,dc=domain,dc=com
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    objectClass: krbprincipalaux
    objectClass: krbTicketPolicyAux
    uid: wilf
    cn: wilf/admin
    sn: Fernandz
    loginShell: /bin/bash
    uidNumber: 10003
    gidNumber: 10003
    homeDirectory: /home/wilf
    shadowMax: 60
    shadowMin: 1
    shadowWarning: 7
    shadowInactive: 7
    shadowLastChange: 0
    krbPrincipalAliases: wilf/admin@DOMAINCOM
    krbPrincipalName: wilf/admin@DOMAIN.COM
    ++++

    But in kerberos, the principal is created as wilf@DOMAIN.COM, but krbPrincipalAliases is not created as a principal.

    I even tried creating this user wilf/admin@DOMAINCOM in kerberos manually
    and tried changing the password for uid wilf, but the alias and uid are not mapped, so
    it is not updating.

    How can we add multiple principal aliases for the same user object?
    I don't want to add multiple users and manage them in ldap.

    I am kind of blocked here. Please help me.

    Regards
    K.Keerthiga
