Kerberos and LDAP Auth

mariusb · January 21, 2010, 10:33am

Good day

I am trying to configure Kerberos and LDAP authentication on AIX 5.3 with Windows 2003 R2 but something is not quite right.

When I ran kinit username I get a ticket and I can display it using klist.

When the user login I can see the ticket request on Windows 2003, but the user gets the following error "3004-007 You entered an invalid login name or password."

Is there any way that I can turn debugging on so that I can see where the problem might be. I am sure it is something small but I don't know where.

Thank you for any assistance.

mariusb · January 25, 2010, 5:53am

The issue seemed to be the KVNO number generated by Windows 2003. Ktpass will create a kvno number as 1 but AIX looks for 3. The complete steps and explanations can be found in the following URL:

Configure single sign-on authentication on AIX

To see the error messages from Kerberos you can add the following to syslog.conf

*.debug /var/log/messages

Then just do a tail -f messages to see the last error writen to the log.

Hope this will help someone else.

Thank you