On 4/24/20 5:08 PM, Jean-Luc Chandezon wrote:
Hello,
I configure AD authentication (I followed https://wiki.debian.org/AuthenticatingL ... eDirectory), and it works fine.
I added AD group to debian sudoers, no problem. @mydomain.ad is the default suffix for login. USers does not need to put this.
My issue:
Even locally I can not open session aymore, as root, or as local unix user. Is it possible?
Here are krb5.conf:
-----------------------------------------------------------
logging]
Default = FILE:/var/log/krb5.log
[libdefaults]
ticket_lifetime = 24000
click-skew = 300
default_realm = MYDOMAIN.AD
# The following krb5.conf variables are only for MIT Kerberos.
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
MYDOMAIN.AD = {
kdc = mydomain.ad:88
admin_server = mydomain.ad:464
default_domain = mydomain.ad
}
[domain_realm]
-----------------------------------------------------------
Thanks
Jean-Luc
Surprised you got to the page. I get -
Forbidden
<p>You are not allowed to access this!</p>
when attempting to access the wiki at all.