I am a newbie in this world and I need help.
For the past weeks I have been trying to find the answer to my problem, but without success.
I am trying to authenticate my CentOS machine against Active Directory (on my Windows Server 2012 machine) via LDAP and Kerberos. I used authconfig-tui and selected: User information-Use LDAP and Authentication: Use Kerberos.
LDAP Settings:
Server: ldap://10.0.2.15 (my server IP)
Base DN: dc=example,dc=local
Kerberos settings:
Realm: EXAMPLE.LOCAL
KDC: 10.0.2.15
Admin Server: SERVER.EXAMPLE.LOCAL
As I learned, this configuration is not enough so I edited my sssd.conf file:
*autofs_provider = ldap
cache_credentials = True
krb5_kpasswd = SERVER.EXAMPLE.LOCAL
ldap_search_base = dc=example,dc=local
krb5_server = 10.0.2.15
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
krb5_store_password_if_offline = True
ldap_uri = ldap://10.0.2.15
krb5_realm = EXAMPLE.LOCAL
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
[sssd]
domains = default, example.local
config_file_version = 2
services = nss, pam, autofs
[domain/example.local]
ad_domain = example.local
id_provider = ad
autofs_provider = ldap
cache_credentials = True
krb5_kpasswd = SERVER.EXMAPLE.LOCAL
ldap_search_base = dc=example,dc=local
krb5_server = 10.0.2.15
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
krb5_store_password_if_offline = True
ldap_uri = ldap://10.0.2.15
krb5_realm = EXMAPLE.LOCAL
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
I restarted the service. Then I tried to
su - exampleuser@example.local
And it worked. But if I try to kinit
or klist
I receive this error:
kinit: Cannot contact any KDC for realm 'EXAMPLE.LOCAL' while getting initial credentials
I also have another error when trying to http://localhost via Apache. My error_log file says:
LDAP: ldap_simple_bind() failed. Can´t contact LDAP server
Am I doing something wrong?
Any help would be useful.
Thanks in advance.
If you need more information just tell me.
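Added example, not part of the original post: a small consistency check for an sssd.conf like the one quoted above. It flags keys set twice in one section, domains listed under [sssd] that have no section, a krb5_realm that differs from the domain name, and ldap:// used with StartTLS disabled. The sample text is constructed from the two headed sections of the posted file, and the function names are hypothetical.

```python
import re

# Constructed sample: keys from the [sssd] and [domain/example.local] sections of the post.
SAMPLE = """\
[sssd]
domains = default, example.local
[domain/example.local]
ad_domain = example.local
id_provider = ad
id_provider = ldap
ldap_uri = ldap://10.0.2.15
krb5_realm = EXMAPLE.LOCAL
ldap_id_use_start_tls = False
"""

def parse(text):
    """Return ({section: {key: value}}, [(section, key), ...] for repeated keys)."""
    sections, dups, name = {}, [], None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            name = header.group(1)
            sections.setdefault(name, {})
        elif "=" in line and name and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            if key in sections[name]:
                dups.append((name, key))
            sections[name][key] = value  # keep the last value for the checks below
    return sections, dups

def lint(text):
    """Return a list of human-readable consistency findings."""
    sections, dups = parse(text)
    out = [f"{sec}: '{key}' is set more than once" for sec, key in dups]
    for dom in filter(None, map(str.strip, sections.get("sssd", {}).get("domains", "").split(","))):
        if f"domain/{dom}" not in sections:
            out.append(f"sssd: '{dom}' is listed in domains but has no [domain/{dom}] section")
    for sec, kv in sections.items():
        if not sec.startswith("domain/"):
            continue
        # Assumption: the Kerberos realm is the upper-cased AD domain name.
        expected = kv.get("ad_domain", sec[len("domain/"):]).upper()
        realm = kv.get("krb5_realm", expected)
        if realm != expected:
            out.append(f"{sec}: krb5_realm {realm} does not match {expected}")
        if kv.get("ldap_uri", "").startswith("ldap://") and kv.get("ldap_id_use_start_tls", "").lower() == "false":
            out.append(f"{sec}: ldap:// with StartTLS disabled, LDAP traffic has no TLS")
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

kinit and klist read /etc/krb5.conf rather than sssd.conf, so the same realm comparison is worth repeating there.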