Help with KTPASS and Kerberos

Quarinteen

I am trying to follow the attached article to have PostgreSQL on an Ubuntu server authenticate to AD. I keep getting an error that it cannot set the servicePrincipalName. Here is the command I am using, which is in the article.

" ktpass /out pg1.keytab /princ postgres@yankers.net@YANKERS.NET /mapuser svcPostgres /crypto AES256-SHA1 +rndpass /target YANKERS.NET -ptype KRB5_NT_PRINCIPAL"

If I understand correctly, I create an AD account named svcPostgres, and on the Linux box the user name is postgres, which is the default user postgres installed.

Where I am a little confused is why the command specifies postgres@yankers.net? That account does not exist. Do I need to create it?


The only fix I have found for this is to disable UAC, which is already disabled.

========================================

Using legacy password setting method
Failed to set property 'servicePrincipalName' to 'postgres' on Dn 'CN=Postgres S
ervice,OU=ASI Special Users,DC=yankers,DC=net': 0x13.
WARNING: Unable to set SPN mapping data.
If svcpostgres already has an SPN mapping installed for postgres, this is no cau
se for concern.
Key created.
Output keytab to pg2.keytab:
Keytab version: 0x502
keysize 86 postgres@4yoursoul.net@4YOURSOUL.NET ptype 1 (KRB5_NT_PRINCIPAL) vno
4 etype 0x12 (AES256-SHA1) keylength 32 (0x7f789997a893b5fa7df376f67b5626f50ab4c
906d497e0f51bc824736f8c0c97)

=============================================================



How to setup Windows Active Directory with PostgreSQL GSSAPI Kerberos Authentication
