trying to configure single sign-on


I'm following a Windows integration guide for Red Hat 7, to set up single sign-on , and hit the wall trying to add the workstation to active directory.

# kinit admin@AD
password: ...
# net ads join -k
Failed to join domain: failed to connect to AD: Cannot read password

What is the issue?

The smart card reader seems to work OK, with the only issue being:

 Couldn't verify Cert: Peer's Certificate issuer is not recognized.

Kerberos looks OK.

SSSD fails with

Failed to read keytab [default]: No such file or directory.

I assume it fails because my workstation is not attached to AD.

What am I missing?

Responses

Have you already taken all of the steps to configure your Linux system as a Kerberos client? Without it, SSO to AD is generally not going to function well (if at all).

I think so. All Kerberos-related commands like kinit and klist give no error indication. But

klist -ke
klist: Key table file '/etc/krb5.keytab' not found while starting keytab scan

and that's what I tried to accomplish (get the keytab file created) by adding my workstation to AD. Is there any other way to create that file? For example, can it be created on the AD DC for my computer?

There is an excellent guide on this:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/pt01.html

Have you followed this guide, or something else? If this guide, where do you get stuck?

Yes, but when I get to point 2.4 step 9 (restart SSSD) I'm getting

Failed to read keytab [default]: No such file or directory

How to create a keytab file for my machine?

I think you need to add
kerberos method = secrets and keytab
in your samba configuration.
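The thread's diagnosis comes down to two preconditions for `net ads join -k` that the SSSD error does not spell out: the [global] section of smb.conf must tell Samba to write the machine keys into a keytab, and once the join succeeds /etc/krb5.keytab must exist and be readable only by root. The following pre-flight script is an added example written for this thread, not a script from the guide or from the poster; it parses an smb.conf for the `kerberos method` value and checks a keytab path, using constructed sample files in a temporary directory so it runs offline (the real paths, /etc/samba/smb.conf and /etc/krb5.keytab, are passed in as arguments on a live system).

```shell
#!/bin/sh
# Added example for this thread (not the guide's or the poster's code).
# Pre-flight checks before "net ads join -k": is smb.conf configured to
# write a keytab, and does the keytab exist with safe permissions?

# Print the value of "kerberos method" from the [global] section of an
# smb.conf (lowercased, surrounding whitespace removed). Prints nothing if
# the key is absent or only appears outside [global].
smb_kerberos_method() {
    awk -F= '
        /^[[:space:]]*\[/ { in_global = ($0 ~ /^[[:space:]]*\[global\]/); next }
        in_global && $1 ~ /^[[:space:]]*kerberos[[:space:]]+method[[:space:]]*$/ {
            v = $2
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            print tolower(v)
            exit
        }' "$1"
}

# Return 0 when the configured method makes "net ads join" write the
# machine keys into a keytab (the thread's fix is "secrets and keytab").
check_smb_keytab_method() {
    case "$(smb_kerberos_method "$1")" in
        "secrets and keytab"|"system keytab"|"dedicated keytab") return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the keytab exists, is non-empty and is mode 0600 (root-only);
# 1 if it is missing or empty, 2 if it is present but too permissive.
check_keytab() {
    keytab="$1"
    [ -s "$keytab" ] || return 1
    [ -n "$(find "$keytab" -prune -perm 600)" ] || return 2
    return 0
}

# Run both checks and report; return 0 only if everything passes.
preflight() {
    smbconf="$1"; keytab="$2"; rc=0
    if check_smb_keytab_method "$smbconf"; then
        echo "OK   $smbconf: kerberos method = $(smb_kerberos_method "$smbconf")"
    else
        echo "FAIL $smbconf: set 'kerberos method = secrets and keytab' in [global]"
        rc=1
    fi
    check_keytab "$keytab"
    case $? in
        0) echo "OK   $keytab present, mode 0600" ;;
        1) echo "FAIL $keytab missing or empty (join has not created it yet)"; rc=1 ;;
        2) echo "FAIL $keytab exists but is not mode 0600"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample inputs so the example runs offline: a good smb.conf, a
# bad one where the setting sits under [homes] instead of [global], and a
# placeholder file standing in for a keytab (not a real keytab).
make_sample_configs() {
    dir=$(mktemp -d)
    cat > "$dir/smb.conf" <<'EOF'
[global]
   workgroup = EXAMPLE
   realm = AD.EXAMPLE.COM
   security = ads
   kerberos method = secrets and keytab
EOF
    cat > "$dir/smb.conf.bad" <<'EOF'
[global]
   workgroup = EXAMPLE
   realm = AD.EXAMPLE.COM
   security = ads
[homes]
   kerberos method = secrets and keytab
EOF
    printf 'placeholder, not a real keytab\n' > "$dir/krb5.keytab"
    chmod 600 "$dir/krb5.keytab"
    printf '%s\n' "$dir"
}

# Demo run against the constructed samples; on a real host call
#   preflight /etc/samba/smb.conf /etc/krb5.keytab
sample=$(make_sample_configs)
preflight "$sample/smb.conf" "$sample/krb5.keytab"
preflight "$sample/smb.conf.bad" "$sample/missing.keytab" || true
```

The section-aware parsing matters: Samba only honours `kerberos method` in [global], so a copy of the line pasted under a share section passes a naive grep but still leaves `net ads join` unable to write the keytab, which is exactly the state the poster's `klist -ke` error describes.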
