You are not logged in.
I'm using GLPI 9.1.2 packaged with EyesOfnetwork (centos 7 )
I'm looking to enable single sign on against active directory .
the FQDN are added to the local Interent sites on Internet Explorer
On the AD i generate a keytab file based on specific user credentials .
under /etc/krb5.conf , i fill the file like this :
[libdefaults]
default_realm = GCT.COM.TN
[realms]
GCT.COM.TN = {
kdc = srv-adgctgab.gct.com.tn
admin_server = srv-adgctgab.gct.com.tn
}
[domain_realm]
srv-adgctgab.gct.com.tn = GCT.COM.TN
.srv-adgctgab.gct.com.tn = GCT.COM.TN
I make an ntpdate between a glpiServer and AD
Finally on changing glpi.conf this keys KrbAuthRealms ,KrbServiceName ,Krb5KeyTab ,KrbMethodNegotiate ,KrbMethodK5Passwd are not coloried is that mean apache don't reconginze them ?
<Directory /srv/eyesofnetwork/glpi>
AuthType kerberos
AuthName "kerberos authenticated"
KrbAuthRealms GCT.COM.TN
KrbServiceName HTTP/eonHelpdesk.gct.com.tn@GCT.COM.TN
Krb5KeyTab /etc/eonHelpdesk.keytab
KrbMethodNegotiate ON
KrbMethodK5Passwd ON
require valid-user
Options None
AllowOverride Limit Options FileInfo
Require all granted
</Directory>
thanks for your time and support
Offline
Any alternnative to progress in this issue ? at least to understand the cause of problems
Offline