1. 首頁
  2. 問答
  3. 與ldap集成後Kerberos kpasswd無法正常工作?

與ldap集成後Kerberos kpasswd無法正常工作?

2013-05-20 35 views
0

我在我的機器上配置了kerberos認證的LDAP。配置完成後,我無法使用kpasswd更改密碼。與ldap集成後Kerberos kpasswd無法正常工作?

我的krb5.conf文件。

https://docs.zoho.com/writer/published.do?rid=cm31c11feb23f172345f8a4851ae80e504756

LDAP配置

dn: cn=config 

objectClass: olcGlobal 

cn: config 

olcArgsFile: /var/run/slapd/slapd.args 

olcAuthzRegexp: {0}uid=([^,]+),cn=ultrasound.zmedia.com,cn=gssapi,cn=auth uid=$1 

,ou=users,dc=ultrasound,dc=zmedia,dc=com 

olcLogLevel: stats 

olcPidFile: /var/run/slapd/slapd.pid 

olcSaslRealm: ULTRASOUND.ZMEDIA.COM 

olcToolThreads: 1 



dn: olcDatabase={1}hdb,cn=config 

objectClass: olcDatabaseConfig 

objectClass: olcHdbConfig 

olcDatabase: {1}hdb 

olcDbDirectory: /var/lib/ldap 

olcSuffix: dc=ultrasound,dc=zmedia,dc=com 

olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou 

s auth by * none 

olcAccess: {1}to dn.subtree="ou=krb5,dc=ultrasound,dc=zmedia,dc=com" by dn="cn=a 

dm-srv,ou=krb5,dc=ultrasound,dc=zmedia,dc=com" write by dn="cn=kdc-srv,ou=krb5, 

dc=ultrasound,dc=zmedia,dc=com" read by * none 

olcAccess: {2}to attrs=loginShell by self write by users read by * none 

olcAccess: {3}to dn.base="" by * read 

olcAccess: {4}to * by users read by * none 

olcLastMod: TRUE 

olcRootDN: uid=admin,ou=users,dc=ultrasound,dc=zmedia,dc=com 

olcDbCheckpoint: 512 30 

olcDbConfig: {0}set_cachesize 0 2097152 0 

olcDbConfig: {1}set_lk_max_objects 1500 

olcDbConfig: {2}set_lk_max_locks 1500 

olcDbConfig: {3}set_lk_max_lockers 1500 

olcDbIndex: objectClass eq 

olcDbIndex: uid eq

錯誤日誌

==> /var/log/kerberos/kdc.log <== 
May 20 19:51:30 bharathi krb5kdc[16333](info): AS_REQ (4 etypes {18 17 16 23}) 127.0.0.1: ISSUE: authtime 1369059690, etypes {rep=18 tkt=18 ses=18}, [email protected] for kadmin/[email protected] 

==> /var/log/syslog <== 
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=42 SEARCH RESULT tag=101 err=0 nentries=1 text= 
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=43 SRCH base="[email protected],cn=ULTRASOUND.ZMEDIA.COM,ou=krb5,dc=ultrasound,dc=zmedia,dc=com" scope=0 deref=0 filter="(objectClass=*)" 
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=43 SRCH attr=objectclass 
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=43 SEARCH RESULT tag=101 err=0 nentries=1 text= 
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 MOD dn="[email protected],cn=ULTRASOUND.ZMEDIA.COM,ou=krb5,dc=ultrasound,dc=zmedia,dc=com" 
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 MOD attr=krbLastSuccessfulAuth krbExtraData 
May 20 19:51:30 bharathi slapd[10090]: conn=1092 op=44 RESULT tag=103 err=50 text=

來源

2013-05-20 kannanrbk

回答

1

檢查MODIFY請求的結果的代碼。

來源

2013-05-20 15:23:46

+0

我不明白你在說什麼。 – kannanrbk

相關問題

 相關問題