Connecting to Active Directory with Kerberos on FreeBSD
So, I am trying to get Active Directory integration with FreeBSD and I have been researching this for a while as I have stated.
http://rhyous.com/2010/01/13/researching-the-process-for-integrating-freebsd-with-active-directory
I don’t have it all integrated yet. I keep running into road blocks.
First, I want to be able to do integration with Kerberos alone.
One part that is really easy is connecting to Active Directory with Kerberos.
Step 1 – Collect Active Directory information.
Active Directory Domain | LD.LAB |
AD Domain Controller | vmdc.ld.lab |
Domain Admin user name | administrator |
Domain Admin password | pw |
Step 2 – Create the /etc/krb5.conf
Here is mine. Supposedly this is case sensitive, so make sure to match the case.
[libdefaults]
    clockskew = 300
    default_realm = LD.LAB

[realms]
    LD.LAB = {
        kdc = vmdc.ld.lab
        default_domain = LD.LAB
        kpasswd_server = vmdc.ld.lab
    }

[domain_realm]
    .LD.LAB = LD.LAB
Step 3 – Acquiring a ticket
- Use kinit with a domain user name and password to acquire a ticket.
  # kinit administrator
  Enter the password when prompted.
- Use klist to list the Kerberos tickets.
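The case-matching point from Step 2 can be checked before running kinit. The following is an added example, not code from the original post: a POSIX sh function (the names check_krb5_conf and sample_mismatch are hypothetical) that reads a krb5.conf on stdin and reports any default_realm or [domain_realm] target without an identically spelled [realms] entry. It assumes the plain section and brace layout shown in Step 2 and does not follow include directives.

```shell
# Added example: returns 0 when realm names are consistent, 1 after printing each finding.
check_krb5_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    # A realm reference is valid only if [realms] has the exact same spelling.
    function check(r, where,    k) {
        if (r in realms) return 0
        for (k in realms) if (tolower(k) == tolower(r)) {
            print where ": \"" r "\" differs only in case from [realms] entry \"" k "\""
            return 1
        }
        print where ": \"" r "\" has no [realms] entry"
        return 1
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # comments and blank lines
    /^[ \t]*\[/ { section = trim($0); depth = 0; next }
    {
        n = index($0, "=")
        key = trim(n ? substr($0, 1, n - 1) : $0)
        val = trim(n ? substr($0, n + 1) : "")
        if (section == "[libdefaults]" && key == "default_realm") dflt = val
        if (section == "[domain_realm]" && n) maps[key] = val
        if (section == "[realms]") {
            # Only names at brace depth 0 are realm names; inner keys are settings.
            if (depth == 0 && substr(val, 1, 1) == "{") realms[key] = 1
            if (index($0, "{")) depth++
            if (index($0, "}")) depth--
        }
    }
    END {
        if (dflt == "") { print "default_realm is not set"; bad = 1 }
        else bad += check(dflt, "default_realm")
        for (d in maps) bad += check(maps[d], "domain_realm " d)
        exit (bad > 0)
    }'
}
# Constructed sample: the LD.LAB settings with default_realm typed in lowercase.
sample_mismatch() {
    cat <<'EOF'
[libdefaults]
    default_realm = ld.lab
[realms]
    LD.LAB = {
        kdc = vmdc.ld.lab
    }
[domain_realm]
    .LD.LAB = LD.LAB
EOF
}
sample_mismatch | check_krb5_conf || echo "fix the realm names before running kinit"
```

To check the real file, run check_krb5_conf < /etc/krb5.conf.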
However, once I have this working, I don’t know how to change authentication using nsswitch.conf and /etc/pam.d/sshd or system to make it work.
I assumed I wouldn’t need to change nsswitch.conf and that for Step 4 I would just have to uncomment the pam_krb5.so lines in the /etc/pam.d/sshd and /etc/pam.d/system but unfortunately, that isn’t enough. Authentication is not working.
I can’t seem to find much documentation on pam and kerberos in FreeBSD. I have tried to add “debug” to the lines in the /etc/pam.d/sshd and /etc/pam.d/system but if that is adding more logging then I am not seeing it.
Hi Rhyous,
Thanks so much for doing the digging in your previous post. I see your post here was published well over a year ago. I hope you had success. It was high on the Google search for FreeBSD and Active Directory.
With your inspiration, Scott Lowe's solution for Linux, and docs from the MS website I was able to get FreeBSD 8.2 integrated (within scope, which was just ssh for now) to Active Directory without resorting to Samba. There are some manual steps to be done if Samba is not used.
My solution is on my (new) blog if you would care to check my work. I mentioned your site.
NS