Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

AIX AD integration for Password authentication

Status
Not open for further replies.
AmjathS

AmjathS

Technical User
Oct 1, 2012
1
KW
I am trying to create SSO for an Application running on AIX 7.1 to be authenticated by WIndows AD 2008.I have done below steps. ( Just need to use Windows for authentication only , user administration can be done at AIX server)

1) Installed KRB5 filesets in AIX server.

2) Created AD user in WIndows AD server -

3) Created keytab file using below command
C:\>ktpass -princ host/AIXserver.mycompany.com@MYCOMPANY.COM -mapuser host_ai-ker
r-pr -pass xxxxxxx -out host_AIXserver.keytab
Targeting domain controller: server1.mycompany.com
Using legacy password setting method
Successfully mapped host/AIXserver.mycompany.com to host_AIXserver.
WARNING: pType and account type do not match. This might cause problems.
Key created.
Output keytab to host_AIXserver.keytab:
Keytab version: 0x502
keysize 76 host/AIXserver.mycompany.com@MYCOMPANY.COM ptype 0 (KRB5_NT_UNKNOWN) v
no 3 etype 0x17 (RC4-HMAC) keylength 16 (0x0229a7a4cd52062d9480fb4dbe41d41a)

C:\>setspn -L host_AIXserver
Registered ServicePrincipalNames for CN=host_AIXserver,CN=Users,DC=mycompany,DC=
com:
host/AIXserver.mycompany.com
4) FTP'ed Keytab to AIX server and created keytab using ktutil:

rkt /home/root/host_AIXserver.keytab
ktutil: list
slot KVNO Principal
------
1 3 host/AIXserver.mycompany.com@MYCOMPANY.COM
ktutil: wkt /etc/krb5/krb5.keytab
ktutil: quit

5) But I am not able to proceed further due to below error.

root@AIXserver[/home/root]# /usr/krb5/bin/kinit -kt /etc/krb5/krb5.keytab
Unable to obtain initial credentials.Status 0x96c73a06 - Client not found in Network Authentication Service database or client locked out.
root@AIXserver[/home/root]# /usr/krb5/bin/kinit -kt host_AIXserver@MYCOMPANY.COM
Unable to obtain initial credentials.
Status 0x96c73a06 - Client not found in Network Authentication Service database or client locked out.
Pls suggest a fix for this error. Pls let me know for more clarifications. Any suggestion is appreciated
 
Sort by date Sort by votes
hi,
probably it does not seem to be your case,
but what made me crazy some years ago, deploying a similar architecture,
was the time synchronization between the servers: kerberos was a real daemon!
bye
vic
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Bluejay07
  • Locked
  • Question
SCO password change text location
Replies
0
Views
252
Bluejay07
Bluejay07
Kishore Nandagopal
  • Locked
  • Question
Parallel execution for spooling file in shell script
Replies
1
Views
142
johnherman
johnherman
Aigini
  • Locked
  • Question
Problem using NOPASSWD option for sudo user
Replies
0
Views
91
Aigini
Aigini
duke2nuke
  • Locked
  • Question
How to parse syslog.conf for errors?
Replies
1
Views
127
Annihilannic
Annihilannic
moein88
  • Locked
  • Question
Can not recognize network adapter SCO UNIX in HP z400
Replies
0
Views
86
moein88
moein88

Part and Inventory Search

Sponsor

Back
Top