ffabreti/Kerberos with MS-AD (authentication and DNS-update

## Kerberos with MS-AD (authentication and DNS-update
###################################################
#configuring authentication of a linux box with Microsoft Active-Directory
#refer: http://wiki.ubuntu-br.org/AutenticandoAD

$ apt-get install krb5-config krb5-user

$ vi /etc/krb5.conf
        [libdefaults]
                default_realm = DOMAIN.BR
                default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
                default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
                preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
                default_keytab_name = /etc/krb5.keytab

        # The following krb5.conf variables are only for MIT Kerberos.
                krb4_config = /etc/krb.conf
                krb4_realms = /etc/krb.realms
                kdc_timesync = 1
                ccache_type = 4
                forwardable = true
                proxiable = true

        [logging]
                default = FILE:/var/log/krb5.log

        [realms]
          DOMAIN.BR = {
                        default_domain = DOMAIN.BR
                }

        [domain_realm]
                .domain.br = DOMAIN.BR
        [login]
                krb4_convert = true
                krb4_get_tickets = false


$ ntpdate domain.br

$ kinit -p  user.name@DOMAIN.BR

$ klist

###################################################
#configuring DNS-update
#refer: http://projects.theforeman.org/issues/1685

$ ktutil
ktutil: addent -password -p dns.user@DOMAIN.BR -k 1 -e rc4-hmac
Password for dns.user@DOMAIN.BR:
ktutil:  list
        slot KVNO Principal
        ---- ---- ---------------------------------------------------------------------
           1    1                  dns.user@DOMAIN.BR

ktutil: wkt /etc/krb5.keytab
ktutil: quit

$ echo -e 'server mte.br \n update add ametista-sp.mte.br 3600 A 192.168.11.249  \n send' | nsupdate -g
dns_tkey_buildgssquery failed: ran out of space
#parece que usuário não tem permissão para fazer o update
	###################################################
	#configuring authentication of a linux box with Microsoft Active-Directory
	#refer: http://wiki.ubuntu-br.org/AutenticandoAD

	$ apt-get install krb5-config krb5-user

	$ vi /etc/krb5.conf
	[libdefaults]
	default_realm = DOMAIN.BR
	default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
	default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
	preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
	default_keytab_name = /etc/krb5.keytab

	# The following krb5.conf variables are only for MIT Kerberos.
	krb4_config = /etc/krb.conf
	krb4_realms = /etc/krb.realms
	kdc_timesync = 1
	ccache_type = 4
	forwardable = true
	proxiable = true

	[logging]
	default = FILE:/var/log/krb5.log

	[realms]
	DOMAIN.BR = {
	default_domain = DOMAIN.BR
	}

	[domain_realm]
	.domain.br = DOMAIN.BR
	[login]
	krb4_convert = true
	krb4_get_tickets = false



	$ ntpdate domain.br

	$ kinit -p user.name@DOMAIN.BR

	$ klist

	###################################################
	#configuring DNS-update
	#refer: http://projects.theforeman.org/issues/1685

	$ ktutil
	ktutil: addent -password -p dns.user@DOMAIN.BR -k 1 -e rc4-hmac
	Password for dns.user@DOMAIN.BR:
	ktutil: list
	slot KVNO Principal
	---- ---- ---------------------------------------------------------------------
	1 1 dns.user@DOMAIN.BR

	ktutil: wkt /etc/krb5.keytab
	ktutil: quit

	$ echo -e 'server mte.br \n update add ametista-sp.mte.br 3600 A 192.168.11.249 \n send' \| nsupdate -g
	dns_tkey_buildgssquery failed: ran out of space
	#parece que usuário não tem permissão para fazer o update