This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
сервис_openfire [2021/10/14 11:32] val [Linux] |
сервис_openfire [2024/01/23 13:24] val [Microsoft AD] |
||
---|---|---|---|
Line 126: | Line 126: | ||
Host: server.corpX.un | Host: server.corpX.un | ||
Port: 389 | Port: 389 | ||
- | Base DN: ou=users,dc=corpX,dc=un | + | Base DN: ou=People,dc=corpX,dc=un |
Administrator DN: cn=admin,dc=corpX,dc=un | Administrator DN: cn=admin,dc=corpX,dc=un | ||
Line 222: | Line 222: | ||
<code> | <code> | ||
C:\>ktpass -princ xmpp/gate.corpX.un@CORPX.UN -mapuser gatexmpp -pass 'Pa$$w0rd' -out gatexmpp.keytab | C:\>ktpass -princ xmpp/gate.corpX.un@CORPX.UN -mapuser gatexmpp -pass 'Pa$$w0rd' -out gatexmpp.keytab | ||
- | |||
- | для openfire 3 | ||
- | C:\>ktpass -princ xmpp/corp15.un@CORP15.UN -mapuser xmpp -pass 'Pa$$w0rd' -out xmpp.keytab | ||
</code> | </code> | ||
Line 247: | Line 244: | ||
kadmin.local: ktadd -k gatexmpp.keytab xmpp/gate.CORPX.UN | kadmin.local: ktadd -k gatexmpp.keytab xmpp/gate.CORPX.UN | ||
- | kadmin.local: addprinc -randkey xmpp/corpX.un | + | ### kadmin.local: addprinc -randkey xmpp/corpX.un |
- | kadmin.local: addprinc -e rc4-hmac:normal -randkey xmpp/CORPX.UN | + | ### kadmin.local: addprinc -e rc4-hmac:normal -randkey xmpp/CORPX.UN |
- | kadmin.local: ktadd -k xmpp.keytab xmpp/corpX.un | + | ### kadmin.local: ktadd -k xmpp.keytab xmpp/corpX.un |
- | kadmin.local: ktadd -k xmpp.keytab xmpp/CORPX.UN | + | ### kadmin.local: ktadd -k xmpp.keytab xmpp/CORPX.UN |
- | </code> | + | </code><code> |
+ | Запросы с win клиента не наблюдаются, запросы с lin клиента такие: | ||
+ | root@server.corp13.un:~# tail -f /var/log/auth.log | ||
+ | |||
+ | Oct 5 08:14:30 server krb5kdc[831]: TGS_REQ (6 etypes {18 17 20 19 16 23}) 192.168.13.105: ISSUE: authtime 1664946134, etypes {rep=18 tkt=18 ses=18}, user1@CORP13.UN for xmpp/gate.corp13.un@CORP13.UN | ||
+ | Oct 5 08:14:30 server krb5kdc[831]: AS_REQ (2 etypes {18 17}) 192.168.13.1: NEEDED_PREAUTH: xmpp/gate.corp13.un@CORP13.UN for krbtgt/CORP13.UN@CORP13.UN, Additional pre-authentication required | ||
+ | Oct 5 08:14:31 server krb5kdc[831]: preauth (encrypted_timestamp) verify failure: Preauthentication failed | ||
+ | Oct 5 08:14:31 server krb5kdc[831]: AS_REQ (2 etypes {18 17}) 192.168.13.1: PREAUTH_FAILED: xmpp/gate.corp13.un@CORP13.UN for krbtgt/CORP13.UN@CORP13.UN, Preauthentication failed | ||
+ | </code> | ||
==== Настройка сервиса ==== | ==== Настройка сервиса ==== | ||
<code> | <code> |