{"id":103,"date":"2019-09-11T15:01:03","date_gmt":"2019-09-11T13:01:03","guid":{"rendered":"https:\/\/linux.netreaper.de\/?p=103"},"modified":"2019-09-11T15:01:03","modified_gmt":"2019-09-11T13:01:03","slug":"geloest-centos-7-active-directory-single-sign-on-sso-mit-kerberos","status":"publish","type":"post","link":"https:\/\/blog.sscho.de\/?p=103","title":{"rendered":"[solved] CentOS 7 Active Directory Single Sign On (SSO) with Kerberos"},"content":{"rendered":"\n<h3 class=\"wp-block-heading\">Problem:<\/h3>\n\n\n\n<p>On a fresh <a href=\"https:\/\/www.gfi.com\/products-and-solutions\/email-and-messaging-solutions\/kerio-connect\">Kerio Connect<\/a> installation on CentOS 7, the assigned users could not log in with Active Directory. The server had been joined to the domain, the AD connection from Kerio Connect to the domain worked, and AD users could be imported.<br>At login, however, there were unexplained problems (Kerberos error 0x16 Server not yet valid &#8211; try again later).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Solution:<\/h3>\n\n\n\n<p>Source:  <a href=\"https:\/\/docs.inuvika.com\/active_directory_sso_using_kerberos\/\">https:\/\/docs.inuvika.com\/active_directory_sso_using_kerberos\/<\/a> <br>Archive:  <a href=\"http:\/\/archive.is\/f1SOr\">http:\/\/archive.is\/f1SOr<\/a> <\/p>\n\n\n\n<p>The main steps (Install and Configure Kerberos; Joining the Domain), slightly abridged:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Installing and configuring Kerberos<\/h3>\n\n\n\n<p>Install Kerberos Workstation:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">yum install krb5-workstation<\/pre>\n\n\n\n<p>Create a new \/etc\/krb5.conf:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[libdefaults]<br>  default_realm=TEST.DEMO<br>  kdc_timesync = 1<br>  ccache_type = 4<br>  forwardable = true<br>  proxiable = true<br>  fcc-mit-ticketflags = true<br>  default_keytab_name = 
FILE:\/etc\/krb5.keytab<br> [realms]<br>  TEST.DEMO = {<br>  kdc = dc.test.demo<br>  master_kdc = dc.test.demo<br>  admin_server = dc.test.demo<br>  default_domain = test.demo<br>  }<br> [domain_realm]<br>  test.demo = TEST.DEMO<br> [logging]<br>  kdc = FILE:\/var\/log\/krb5\/krb5kdc.log<br><\/pre>\n\n\n\n<p>The placeholders TEST.DEMO, dc.test.demo, etc. must be replaced accordingly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Joining the domain<\/h3>\n\n\n\n<p>Install the Samba client:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">yum install samba-client<br><\/pre>\n\n\n\n<p>Create the configuration file \/etc\/samba\/smb.conf:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">[global]<br> netbios name = osm<br> realm = TEST.DEMO<br> security = ADS<br> encrypt passwords = yes<br> password server = dc.test.demo<br> workgroup = TEST<br> kerberos method = dedicated keytab<br> dedicated keytab file = \/etc\/krb5.keytab<\/pre>\n\n\n\n<p>Again, the placeholders must be replaced.<br>To join the domain, we need the command net ads join:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">net ads join -U administrator@TEST.DEMO<br><\/pre>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Problem: On a fresh Kerio Connect installation on CentOS 7, the assigned users could not log in with Active Directory. 
The server had been joined to the domain, the AD connection from Kerio Connect to the domain worked, and AD users could be imported. At login, however, there were unexplained problems (Kerberos error 0x16 Server not yet valid &#8211; try again later) &hellip; <a href=\"https:\/\/blog.sscho.de\/?p=103\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">\u201c[solved] CentOS 7 Active Directory Single Sign On (SSO) with Kerberos\u201d<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-103","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.sscho.de\/index.php?rest_route=\/wp\/v2\/posts\/103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.sscho.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.sscho.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.sscho.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.sscho.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=103"}],"version-history":[{"count":4,"href":"https:\/\/blog.sscho.de\/index.php?rest_route=\/wp\/v2\/posts\/103\/revisions"}],"predecessor-version":[{"id":107,"href":"https:\/\/blog.sscho.de\/index.php?rest_route=\/wp\/v2\/posts\/103\/revisions\/107"}],"wp:attachment":[{"href":"https:\/\/blog.sscho.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.sscho.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\
/blog.sscho.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}