I'm trying to configure AIX 6.1 to authenticate users against AD using kerberised LDAP.
I've been able to authenticate my own (local) user against AD using Kerberos (KRB5files) but when I attempt to authenticate using an AD account (test02 - KRB5LDAP) I get the error below in the syslog:
Jun 26 10:45:43 LPAR6-10 auth|security:crit sshd5570576: fatal: Failed to set process credentials
The following settings are present in my ldap.cfg file:
lsuser for test02 gives:
test02 id=10000 pgrp= groups= home=/home/test02 shell=/usr/bin/ksh login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=KRB5LDAP SYSTEM=KRB5LDAP....... (output truncated)
I have created the /home/test02 directory and set the group as 10000 (as per the settings on the AD for msSFUGidNumber)
The ultimate aim is to use this auth mechanism for an installation of SAS (using sasauth in pam.conf) but in the first instance I'd like to be able to prove the concept by logging in an ssh session using test02. Can anyone help???
Pinned topic Kerberos/LDAP/AD "fatal: Failed to set process credentials" Help required
Updated on 2012-06-28T19:51:45Z by tech100
jgeiger
Re: Kerberos/LDAP/AD "fatal: Failed to set process credentials" Help required
2013-07-08T14:43:15Z
This is the accepted answer.
I ran into similar issues. In my case, the primary group needed to be set to a group defined in AD.
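
A check for the condition the accepted answer describes, as an added example that is not part of the original posts: it parses an lsuser line like the one in the question and flags an empty pgrp. The group name unixusers and the second sample line are constructed, and treating an empty pgrp as the login blocker is an assumption drawn from the accepted answer.

```shell
#!/bin/sh
# Added example, not from the thread. Parses one line of lsuser output
# ("name attr=value attr=value ...") and flags identity attributes that are
# empty. Assumption: an empty pgrp means no primary group was resolved.

# Print the value of attribute $2 found in lsuser line $1 (nothing if absent).
lsuser_attr() {
    want=$2
    set -f                      # no globbing while the line is split
    set -- $1
    set +f
    [ $# -gt 0 ] && shift       # drop the user name
    for kv in "$@"; do
        case $kv in
            "$want"=*) printf '%s\n' "${kv#*=}"; return 0 ;;
        esac
    done
    return 0
}

# Return 0 when the line carries a numeric uid and a non-empty primary group;
# otherwise print one finding per problem and return 1.
check_login_identity() {
    line=$1; rc=0
    uid=$(lsuser_attr "$line" id)
    pgrp=$(lsuser_attr "$line" pgrp)
    groups=$(lsuser_attr "$line" groups)
    case $uid in
        ''|*[!0-9]*) echo "id: missing or not numeric"; rc=1 ;;
    esac
    [ -n "$pgrp" ] || { echo "pgrp: empty, no primary group resolved"; rc=1; }
    [ -n "$groups" ] || echo "groups: empty (note only)"
    return $rc
}

# POSTED is shortened from the line in the question; FIXED is constructed and
# uses a hypothetical AD-defined group name.
POSTED='test02 id=10000 pgrp= groups= home=/home/test02 shell=/usr/bin/ksh registry=KRB5LDAP SYSTEM=KRB5LDAP'
FIXED='test02 id=10000 pgrp=unixusers groups=unixusers home=/home/test02 shell=/usr/bin/ksh registry=KRB5LDAP SYSTEM=KRB5LDAP'

for sample in "$POSTED" "$FIXED"; do
    if check_login_identity "$sample"; then
        echo "OK: primary group is $(lsuser_attr "$sample" pgrp)"
    fi
done
```

On the host, the same function can be given the live line with check_login_identity "$(lsuser test02)".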