Captive Portal Zeroshell with Samba Active Directory

myReFR

New Member
Credits
30
Hi everybody, i need your help , i'm a beginner .
I have a graduation project. I try to config a captive portal on a routeur Zeroshell for my Samba AD i have a problem when i try to connect on the portal with a member of my AD , its not working , i have a ” ACCESS DENIED !!! , [email protected] not connected USER Unknown or invalid password” .
When i watch the logs of captive portal , i see ” AS : kinit(v5): Cannot find KDC for requested realm while getting initial credentials^M
“AS: warning: authentification failed for the user [email protected]
error alice connexion.PNG
log portalcaptive.PNG


Does anyone have a suggestion to this problem , What should I check or configure on my samba to fix the problem?
 


f33dm3bits

Gold Member
Gold Supporter
Credits
6,130
It can't find the kerberos configuration for the realm YODA.LOCAL so authentication fails. Configure the kerberos realm for YODA.LOCAL, if you don't want to use kerberos for authentication for samba disable kerberos authentication in your samba configuration and configure a different authentication method.
 
Last edited:

myReFR

New Member
Credits
30
Okay. Cause I tested it on my Samba and it seemed to work.
test samba-ad.PNG

But I only have 3 lines in my /etc/krb5.conf
krbconf.PNG


Do I need to add :
[realms]
YODA.LOCAL = {
kdc = debian.yoda.local
admin_server = debian.yoda.local
default_domain = yoda.local
}
[domain_realm]
.yoda.local = YODA.LOCAL
yoda.local = YODA.LOCAL

Is there another file to be modified ?
 

f33dm3bits

Gold Member
Gold Supporter
Credits
6,130
Yes /etc/krb5.conf is the only configuration file on the client you need to edit for kerberos, also check if your samba configuration is setup correctly for using kerberos.
Configuring a Kerberos client
Samba/Kerberos
 
Last edited:

myReFR

New Member
Credits
30
I found the solution, I had to change the resolv.conf of my zeroshell. In the /etc/resolv.conf, i changed the nameserver with the ip of my samba-AD . Ty for Help
 


Members online


Top