Set up 389 DS server as Kerberos V principal database

[tenmoi]

Hi!

I have set up a 389 DS server and a kdc . However there is not a howto or any document concerning setting up the DS as a Kerberos database back-end. Nor is there a 389 DS forum, so I am asking here and hopefully some of you could possibly help or throw in some light as to this kind of setup.

I have read the 389 DS features page and the Redhat documents but there is no reference to this feature.

Thank you.

[dburkland]

I am not really familiar with 389 DS but I just recently completed a similar probject using MIT-KRB5 and OpenLDAP. I don't know how different 389 DS is from OpenLDAP but this article may provide some help. Feel free to PM me if you like

[tenmoi]

Thank you for your reply.

The link you provided is probably only applied to openldap (I guess so because I convert the kerberos.schema and then import it to DS to no avail.)

In fact I did set up the DS and Kdc and can authenticate both fedora and ubuntu karmic against the DS, using credentials set in the DS.

What I want to achieve is to configure Kerberos to use DS (not Openldap) as its principal database. Of course,there is FreeIPA, which integrates Krb and DS, but I want to learn how those separate pieces work.

BY the way, I'd like to ask this question:
I installed FreeIPA and pass all tests and follow all troubleshooting guides but I cannot log in to the server thru firefox with the error "kerberos login error".

Thank you.

[robert.forster]

I have setup something along those lines

Currently running 389 to handle usernames and posix information along with remove directories and automount FS and KRB5 system

Unfortunately to integrate the two together wasn't worth it to me. I handle to two separately and use a perl script to create the accounts.

389 handles UID/GID homedir/autoFS w/secureNFS
Kerberos KRB5 authentication

I initially wanted it all done within FDS but found that there were to many hurdles and issues with FDS (now 389) calling on KRB