Hello,
I am having some trouble with the FDS PAM PTA. I am trying to authenticate against AD.
I was trying to verify the password authentication to AD. The only time it does is kinit <ad user>. To test this, I was trying to set up ssh on a client box and configure it to bind to the FDS directory. Then I tried ssh user@localhost on the client box; it will not accept any password and returns the error below.
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password
    debug1: Next authentication method: gssapi-with-mic
    debug1: Unspecified GSS failure. Minor code may provide more information
    No credentials cache found
    debug1: Next authentication method: publickey

Here are my questions.
1. Do I have to make any changes in ldap.conf file like below entries?
    # RFC 2307 (AD) mappings
    # pam_login_attribute uid (enable)
    # pam_lookup_policy (enable)
    # pam_password crypt (enable)
    # pam_password ad (update ad passwd from unix)
2. Edit the following files for kerberos. I was trying to follow this link for documentation. http://aput.net/~jheiss/krbldap/howto.html
    * krb5.conf
    * kadm5.acl
    * kdc.conf
3. Edit /etc/pam.d/system-auth and ldapserver.
4. Do I need to have CA cert installed on Admin and Directory servers for ssh? I mean, I do not have any certificates installed to 389-ds currently.
Are there any other steps missing here?
Thanks,
Prashanth
389-users@lists.fedoraproject.org