GarethJM

Pinned topic Kerberos/LDAP/AD "fatal: Failed to set process credentials" Help required

‏2012-06-27T11:51:23Z |
Hi,

I'm trying to configure AIX 6.1 to authenticate users against AD using kerberised LDAP.

I've been able to authenticate my own (local) user against AD using Kerberos (KRB5files) but when I attempt to authenticate using an AD account (test02 - KRB5LDAP) I get the error below in the syslog:

Jun 26 10:45:43 LPAR6-10 auth|security:crit sshd5570576: fatal: Failed to set process credentials

The following settings are present in my ldap.cfg file:

ldapservers:<my_ldap_host>
binddn:CN=<my_user>,OU=<my_OU>,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>
bindpwd:*****************
authtype:unix_auth
useSSL:no
userbasedn:OU=End Users,OU=Accounts,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>
groupbasedn:OU=Groups,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>,DC=<my_dom>
userclasses:user,person,organizationalperson
groupclasses:group
ldapport:389
searchmode:ALL
defaultentrylocation:LDAP
serverschematype:sfu30
memberfulldn: yes
userattrmappath:/etc/security/ldap/sfu30user.map
groupattrmappath:/etc/security/ldap/sfu30group.map

lsuser for test02 gives:

test02 id=10000 pgrp= groups= home=/home/test02 shell=/usr/bin/ksh login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=KRB5LDAP SYSTEM=KRB5LDAP....... (output truncated)

I have created the /home/test02 directory and set the group as 10000 (as per the settings on the AD for msSFUGidNumber)

The ultimate aim is to use this auth mechanism for an installation of SAS (using sasauth in pam.conf) but in the first instance I'd like to be able to prove the concept by logging in an ssh session using test02. Can anyone help???

Many Thanks
Updated on 2012-06-28T19:51:45Z by tech100
  • tech100

    Re: Kerberos/LDAP/AD "fatal: Failed to set process credentials" Help required

    ‏2012-06-28T19:51:45Z  
    Have you maybe checked this article? Link
  • jgeiger

    Re: Kerberos/LDAP/AD "fatal: Failed to set process credentials" Help required

    ‏2013-07-08T14:43:15Z  

    I ran into similar issues.  In my case, the primary group needed to be set to a group defined in AD.

    http://www.unix.com/aix/213603-solved-trouble-kerberos-ldap-aix-6-1-a.html
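
The `lsuser` output in the question shows `pgrp=` and `groups=` empty, and the last reply reports that the primary group had to be a group defined in AD. The check below is an added example, not part of the original posts: it parses an `lsuser`-style attribute line and flags those empty fields. The function names and the group name `unixusers` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag lsuser attributes that leave an account without a
# usable primary group. Input: one line of "name key=value key=value ...".

# Attribute line from the question (shortened to the relevant attributes).
SAMPLE_BAD='test02 id=10000 pgrp= groups= home=/home/test02 registry=KRB5LDAP SYSTEM=KRB5LDAP'
# Constructed counter-example; "unixusers" is a hypothetical AD group name.
SAMPLE_OK='test02 id=10000 pgrp=unixusers groups=unixusers home=/home/test02 registry=KRB5LDAP SYSTEM=KRB5LDAP'

# get_attr LINE KEY: print the value of KEY, or nothing if empty or absent.
get_attr() (
    set -f                      # no globbing while splitting the line
    for tok in $1; do
        case $tok in
            "$2"=*) printf '%s\n' "${tok#*=}"; exit 0 ;;
        esac
    done
)

# check_user LINE: print one finding per line; return 1 if any were found.
check_user() {
    cu_name=${1%% *}
    cu_rc=0
    cu_id=$(get_attr "$1" id)
    case $cu_id in
        ''|*[!0-9]*) echo "$cu_name: id is missing or not numeric"; cu_rc=1 ;;
    esac
    if [ -z "$(get_attr "$1" pgrp)" ]; then
        echo "$cu_name: pgrp is empty (no primary group resolved)"
        cu_rc=1
    fi
    if [ -z "$(get_attr "$1" groups)" ]; then
        echo "$cu_name: groups is empty (no group membership resolved)"
        cu_rc=1
    fi
    return $cu_rc
}

# Demo on the two embedded lines; "|| true" keeps the script's exit status 0.
check_user "$SAMPLE_BAD" || true
check_user "$SAMPLE_OK" && echo "test02 (constructed): primary group present"
```

On a live host the same function can be given the line printed by `lsuser test02`; attribute values that contain spaces are not handled by this simple splitter.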