Nagios Authentication with Active Directory (Slightly Off-Topic)
Shawn Iverson
shawn at nccsc.k12.in.us
Mon Jan 10 19:20:17 CET 2005
Comment out your realms section and domain_realm sections and see what
happens.
[realms]
# HEADQUARTERS.MYDOMAIN.COM = {
# default_domain = headquarters.mydomain.com
# kdc = 192.168.x.x
# admin_server = 192.168.x.x
# }
[domain_realm]
# .headquarters.firstbhph.com = HEADQUARTERS.MYDOMAIN.COM
#headquarters.firstbhph.com = HEADQUARTERS.MYDOMAIN.COM
Shawn
On Monday, January 10, 2005 12:29 PM, Dimitri wrote:
>Here's my rkb5.conf file. I really see no problems with it,
>but then again...
>
>
>[logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
>[libdefaults]
> default_realm = HEADQUARTERS.MYDOMAIN.COM
> dns_lookup_realm = true
> dns_lookup_kdc = true
>
>[realms]
> HEADQUARTERS.FIRSTBHPH.COM = {
> default_domain = headquarters.mydomain.com
> kdc = 192.168.x.x
> admin_server = 192.168.x.x
> }
>
>[domain_realm]
> .headquarters.firstbhph.com = HEADQUARTERS.MYDOMAIN.COM
>headquarters.firstbhph.com = HEADQUARTERS.MYDOMAIN.COM
>
>[kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
>
>[appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
>
>Dimitri
>
>
>-----Original Message-----
>From: Shawn Iverson [mailto:shawn at nccsc.k12.in.us]
>Sent: Saturday, January 08, 2005 12:47 PM
>To: Dimitri Yioulos
>Cc: nagios-users at lists.sourceforge.net
>Subject: RE: [Nagios-users] Nagios Authentication with Active
>Directory (Slightly Off-Topic)
>
>Your DNS is fine, so that is not the problem. Your box is
>resolving from this server, right? Check your /etc/resolv.conf.
>
>Send me your /etc/krb5.conf file please. Perhaps there is
>something in it that I may be able to spot.
>
>Also, try updating your kerberos packages.
>
>Here's mine:
>
>[logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
>[libdefaults]
> default_realm = MY.REALM.COM
> dns_lookup_realm = true
> dns_lookup_kdc = true
>
>[realms]
># EXAMPLE.COM = {
> #admin_server = kerberos.example.com:749
> #default_domain = example.com
># }
>
>[domain_realm]
># example.com = EXAMPLE.COM
>
>[kdc]
>profile = /var/kerberos/krb5kdc/kdc.conf
>
>[appdefaults]
> pam = {
> debug = true
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
>Shawn
>
>On Friday, January 07, 2005 4:55 PM Dimitri wrote:
>>dig _kerberos._tcp.HEADQUARTERS.FIRSTBHPH.COM srv
>>
>>; <<>> DiG 9.2.4rc6 <<>>
>>_kerberos._tcp.HEADQUARTERS.FIRSTBHPH.COM srv ;; global
>>options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode:
>>QUERY, status: NOERROR, id: 21556 ;; flags: qr aa rd ra;
>>QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>>
>>;; QUESTION SECTION:
>;_kerberos._tcp.HEADQUARTERS.FIRSTBHPH.COM. IN SRV
>>
>>;; ANSWER SECTION:
>>_kerberos._tcp.HEADQUARTERS.FIRSTBHPH.COM. 600 IN SRV 0 100 88
>>rockland.headquarters.firstbhph.com.
>>
>>;; ADDITIONAL SECTION:
>>rockland.headquarters.firstbhph.com. 3600 IN A 192.168.100.3
>>
>>;; Query time: 7 msec
>>;; SERVER: 192.168.100.3#53(192.168.100.3)
>>;; WHEN: Fri Jan 7 16:51:55 2005
>>;; MSG SIZE rcvd: 130
>
>
>
>-------------------------------------------------------
>The SF.Net email is sponsored by: Beat the post-holiday blues
>Get a FREE limited edition SourceForge.net t-shirt from
>ThinkGeek. It's fun and FREE -- well,
>almost....http://www.thinkgeek.com/sfshirt
>_______________________________________________
>Nagios-users mailing list
>Nagios-users at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/nagios-users
>::: Please include Nagios version, plugin version (-v) and OS
>when reporting any issue.
>::: Messages without supporting info will risk being sent to /dev/null
>
-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list