How do I use ldapsearch with a cross-realm ticket?

1

kinit [email protected] and klist -afe

Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: [email protected]
Valid starting Expires Service principal
08/04/11 13:14:53 08/05/11 01:14:53 krbtgt/[email protected]
renew until 08/05/11 13:14:53, Flags: FRI
Etype (skey, tkt): des3-cbc-sha1, des3-cbc-sha1
Addresses: (none)

ldapwhoami -h dc1.windows.domain.tld

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server ldap/[email protected] not found in Kerberos database)

kvno ldap/[email protected]

ldap/[email protected]: kvno = 65

klist -afe

Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: [email protected]
Valid starting Expires Service principal
08/04/11 13:14:53 08/05/11 01:14:53 krbtgt/[email protected]
renew until 08/05/11 13:14:53, Flags: FRI
Etype (skey, tkt): des3-cbc-sha1, des3-cbc-sha1
Addresses: (none)
08/04/11 13:24:35 08/05/11 01:14:53 krbtgt/[email protected]
renew until 08/05/11 13:14:53, Flags: FRT
Etype (skey, tkt): des-cbc-crc, des-cbc-crc
Addresses: (none)
08/04/11 13:24:35 08/05/11 01:14:53 ldap/[email protected]
renew until 08/05/11 13:14:53, Flags: FR
Etype (skey, tkt): arcfour-hmac, arcfour-hmac
Addresses: (none)

ldapwhoami -h dc1.windows.domain.tld

SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server ldap/[email protected] not found in Kerberos database)

by 84104 04.08.2011 / 22:38

2 answers

1

Insufficient domain-to-realm mapping.

Required, either
krb5.conf:
[domain_realm]
windows.domain.tld = WINDOWS.DOMAIN.TLD
.windows.domain.tld = WINDOWS.DOMAIN.TLD
or
DNS: _kerberos.windows.domain.tld. TXT "WINDOWS.DOMAIN.TLD"

Only had DNS: _kerberos.domain.tld. IN TXT "DOMAIN.TLD"

by 08.08.2011 / 18:11
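Added illustration (not part of the question or either answer): a small Python model of how the LDAP client picks the realm for the service principal ldap/dc1.windows.domain.tld, following the MIT krb5 lookup order: the exact host in [domain_realm], then each parent domain with a leading dot, then (when dns_lookup_realm is on) TXT records walking up from _kerberos.<host>, then default_realm. The krb5.conf fragments and the DNS table are constructed stand-ins; the host dc1.windows.domain.tld and the realm names DOMAIN.TLD / WINDOWS.DOMAIN.TLD are the ones from the thread. It shows why fetching a cross-realm ticket with kvno and an explicit realm does not rescue ldapwhoami: the GSSAPI target name is built from the host-to-realm mapping, not from whatever tickets are already in the cache.

```python
import re

# Constructed krb5.conf fragments (not from the page). "BEFORE" mirrors the asker's
# situation: no [domain_realm] entry for windows.domain.tld, only a DNS TXT record
# for the parent realm. "AFTER" appends the two lines from the accepted answer.
KRB5_CONF_BEFORE = """
[libdefaults]
    default_realm = DOMAIN.TLD
    dns_lookup_realm = true

[domain_realm]
    # empty on purpose: the client relied on DNS alone
"""

KRB5_CONF_AFTER = KRB5_CONF_BEFORE + """
    windows.domain.tld = WINDOWS.DOMAIN.TLD
    .windows.domain.tld = WINDOWS.DOMAIN.TLD
"""

# Constructed stand-in for DNS: TXT owner name -> realm string.
DNS_TXT_BEFORE = {"_kerberos.domain.tld": "DOMAIN.TLD"}
DNS_TXT_AFTER = {**DNS_TXT_BEFORE, "_kerberos.windows.domain.tld": "WINDOWS.DOMAIN.TLD"}


def parse_krb5_conf(text):
    """Minimal krb5.conf parser: flat 'key = value' pairs per [section] (no nested {} blocks)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^\[(\w+)\]$", line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        if current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections


def candidate_keys(host):
    """[domain_realm] lookup order: the host itself, then each parent domain with a leading dot."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    return [host] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]


def realm_from_profile(host, domain_realm):
    for key in candidate_keys(host):
        if key in domain_realm:
            return domain_realm[key], "domain_realm " + key
    return None, None


def realm_from_dns(host, dns_txt):
    """Walk _kerberos.<host>, _kerberos.<parent>, ... until some TXT record answers."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = "_kerberos." + ".".join(labels[i:])
        if name in dns_txt:
            return dns_txt[name], "TXT " + name
    return None, None


def gss_target(service, host, conf, dns_txt):
    """Build the SASL/GSSAPI target principal the way the client does.

    The realm comes from host-to-realm mapping (profile, then DNS, then default_realm),
    never from the credential cache. Simplified model of MIT krb5's behaviour.
    """
    host = host.lower().rstrip(".")
    libdefaults = conf.get("libdefaults", {})
    realm, source = realm_from_profile(host, conf.get("domain_realm", {}))
    if realm is None and libdefaults.get("dns_lookup_realm", "false").lower() == "true":
        realm, source = realm_from_dns(host, dns_txt)
    if realm is None:
        realm, source = libdefaults.get("default_realm"), "default_realm"
    return f"{service}/{host}@{realm}", source


if __name__ == "__main__":
    host = "dc1.windows.domain.tld"
    for label, conf, txt in (
        ("before: TXT for parent realm only", KRB5_CONF_BEFORE, DNS_TXT_BEFORE),
        ("fix via krb5.conf [domain_realm]", KRB5_CONF_AFTER, DNS_TXT_BEFORE),
        ("fix via TXT _kerberos.windows.domain.tld", KRB5_CONF_BEFORE, DNS_TXT_AFTER),
    ):
        target, source = gss_target("ldap", host, parse_krb5_conf(conf), txt)
        print(f"{label:42} -> {target}  (from {source})")
```

In the "before" case the walk from _kerberos.dc1.windows.domain.tld stops at _kerberos.domain.tld, so the client asks for ldap/dc1.windows.domain.tld@DOMAIN.TLD, which is exactly the principal the DOMAIN.TLD KDC reports as "not found in Kerberos database" in the question; either fix from the answer makes the same lookup land on WINDOWS.DOMAIN.TLD. On a real host the equivalent check is `kvno -S ldap dc1.windows.domain.tld` (MIT kvno's -S builds the principal through this mapping), which prints the principal GSSAPI will actually request.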
0

The ldapserver needs to be the first entry in /etc/hosts

192.168.1.5  fqdn.of.your.ad.server some.other.name and.another

If everything is correct in DNS, remove the line from /etc/hosts altogether.

by 07.11.2014 / 01:04