Nagios Authentication with Active Directory (Slightly Off-Topic)
Dimitri Yioulos
dyioulos at firstbhph.com
Mon Jan 10 18:28:59 CET 2005
Here's my rkb5.conf file. I really see no problems with it, but then
again...
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = HEADQUARTERS.MYDOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
HEADQUARTERS.FIRSTBHPH.COM = {
default_domain = headquarters.mydomain.com
kdc = 192.168.x.x
admin_server = 192.168.x.x
}
[domain_realm]
.headquarters.firstbhph.com = HEADQUARTERS.MYDOMAIN.COM
headquarters.firstbhph.com = HEADQUARTERS.MYDOMAIN.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Dimitri
-----Original Message-----
From: Shawn Iverson [mailto:shawn at nccsc.k12.in.us]
Sent: Saturday, January 08, 2005 12:47 PM
To: Dimitri Yioulos
Cc: nagios-users at lists.sourceforge.net
Subject: RE: [Nagios-users] Nagios Authentication with Active Directory
(Slightly Off-Topic)
Your DNS is fine, so that is not the problem. Your box is resolving
from this server, right? Check your /etc/resolv.conf.
Send me your /etc/krb5.conf file please. Perhaps there is something in
it that I may be able to spot.
Also, try updating your kerberos packages.
Here's mine:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MY.REALM.COM
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
# EXAMPLE.COM = {
#admin_server = kerberos.example.com:749
#default_domain = example.com
# }
[domain_realm]
# example.com = EXAMPLE.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Shawn
On Friday, January 07, 2005 4:55 PM Dimitri wrote:
>dig _kerberos._tcp.HEADQUARTERS.FIRSTBHPH.COM srv
>
>; <<>> DiG 9.2.4rc6 <<>>
>_kerberos._tcp.HEADQUARTERS.FIRSTBHPH.COM srv ;; global
>options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode:
>QUERY, status: NOERROR, id: 21556 ;; flags: qr aa rd ra;
>QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
>;; QUESTION SECTION: ;_kerberos._tcp.HEADQUARTERS.FIRSTBHPH.COM. IN SRV
>
>;; ANSWER SECTION:
>_kerberos._tcp.HEADQUARTERS.FIRSTBHPH.COM. 600 IN SRV 0 100 88
>rockland.headquarters.firstbhph.com.
>
>;; ADDITIONAL SECTION:
>rockland.headquarters.firstbhph.com. 3600 IN A 192.168.100.3
>
>;; Query time: 7 msec
>;; SERVER: 192.168.100.3#53(192.168.100.3)
>;; WHEN: Fri Jan 7 16:51:55 2005
>;; MSG SIZE rcvd: 130
-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list