for kerberos
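# Build prerequisites: Python headers plus the MIT Kerberos client tools,
# headers and libraries that the Python Kerberos bindings link against.
yum install python3-devel
yum install krb5-workstation
yum install krb5-devel
yum install krb5-libs
# Python Kerberos bindings.
# NOTE(review): `pip` and `pip3` can point at different interpreters; confirm
# both commands install into the Python that actually runs pywinrm.
# NOTE(review): both packages are installed unpinned from the package index;
# pin versions if the install has to be reproducible.
pip install kerberos
# The extras spec is quoted so the shell cannot treat [kerberos] as a glob
# pattern and expand it against files in the current directory.
pip3 install 'pywinrm[kerberos]'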
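Put the settings below in /etc/krb5.conf, then run kinit Administrator@AREA51.COM followed by kinit -S HOST/WIN-DQTK4K8NQ55.AREA51.COM. The first command obtains a ticket-granting ticket for the account; the second requests an initial ticket for the Windows host's HOST service principal, which confirms that the KDC is reachable and the host's principal exists. For routine automation, a dedicated account with only the rights WinRM needs is preferable to Administrator.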
# To opt out of the system crypto-policies configuration of krb5, remove the
# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.
# NOTE(review): files in the included directory may also set enctype
# relations; confirm which values actually take effect on the target host.
# krb5.conf has no end-of-line comments, so every note here is on its own line.
includedir /etc/krb5.conf.d/
# Log destinations for the Kerberos library, the KDC and the admin server.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Do not use DNS TXT records to map hosts to a realm; the [domain_realm]
# section below does that mapping explicitly.
dns_lookup_realm = false
# Requested ticket lifetime and renewable lifetime; the KDC's own policy may
# cap both values.
ticket_lifetime = 24h
renew_lifetime = 7d
# Request forwardable tickets, i.e. tickets that can be delegated to a remote
# service. NOTE(review): set to false unless delegation is actually required.
forwardable = true
# Do not use reverse DNS when canonicalizing service host names.
rdns = false
# Trust anchors for PKINIT and the group used for SPAKE pre-authentication.
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
# Realm assumed when a principal is given without one.
default_realm = AREA51.COM
# Credential cache kept in the kernel keyring, one persistent cache per uid.
default_ccache_name = KEYRING:persistent:%{uid}
# The three relations below allow rc4-hmac, des-cbc-crc and des-cbc-md5 next
# to AES-256. Single DES and RC4 are deprecated for Kerberos (RFC 6649,
# RFC 8429); permitting rc4-hmac leaves tickets open to cheaper offline
# password guessing. Keep only the AES type once the domain controller and the
# accounts in use have AES keys; if RC4 is still needed for an account, enable
# AES on that account rather than keeping RC4 permitted here.
# NOTE(review): MIT krb5 describes default_tgs_enctypes and
# default_tkt_enctypes as backward-compatibility settings; permitted_enctypes
# alone is usually sufficient. Confirm against the installed krb5 version.
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
# Per-realm server addresses.
[realms]
#kdc = AREA51.COM
AREA51.COM = {
# The KDC and admin server are addressed by the domain name (ports 88 and
# 749), so the client contacts whatever host DNS returns for area51.com.
# NOTE(review): presumably that name resolves to a domain controller; verify.
kdc = area51.com:88
admin_server = area51.com:749
}
# Host-to-realm mapping: the domain itself and every host under it belong to
# AREA51.COM.
[domain_realm]
.area51.com = AREA51.COM
area51.com = AREA51.COM
https://docs.ansible.com/ansible-tower/3.1.3/html/administration/kerberos_auth.html
https://access.redhat.com/solutions/4911041
For domain controller related issues:
https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/verify-srv-dns-records-have-been-created