I'm still having trouble enabling SSO (Kerberos) for GLPI. I have followed many tutorials and checked the configuration files; I doubt that it requires Apache skills.
In fact, our GLPI server is packaged into EON (CentOS 7).
I have created a user in Active Directory (does not require Kerberos authentication).
I have generated a keytab file:
C:\Users\administrateur.GCT>ktpass -princ HTTP/eonhelpdesk.gct.com.tn@GCT.COM.TN -mapuser gct\eonhelpdesk -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass eonhelpdesk -out C:\temp\eonhelpdesk.keytab
Targeting domain controller: SRV-ADGCTGAB.GCT.COM.TN
Successfully mapped HTTP/eonhelpdesk.gct.com.tn to eonhelpdesk.
Password succesfully set!
Key created.
Output keytab to C:\temp\eonhelpdesk.keytab:
Keytab version: 0x502
keysize 73 HTTP/eonhelpdesk.gct.com.tn@GCT.COM.TN ptype 1 (KRB5_NT_PRINCIPAL) vno 3 etype 0x17 (RC4-HMAC) keylength 16 (0xf10523bec71de004153ee7ffde36c96a)
Then, after generating it, I placed it into /etc/httpd/keytab/eonhelpdesk.keytab.
These settings are in /etc/httpd/conf.d/glpi.conf (I hope that's the right file):
Alias /glpi "/srv/eyesofnetwork/glpi"
<Directory /srv/eyesofnetwork/glpi>
    AuthType kerberos
    AuthName "kerberos authenticated"
    KrbAuthRealms GCT.COM.TN
    KrbServiceName HTTP/eonhelpdesk.gct.com.tn@GCT.COM.TN
    KrbVerifyKDC on
    Krb5KeyTab /etc/httpd/keytab/eonhelpdesk.keytab
    KrbMethodNegotiate ON
    KrbMethodK5Passwd ON
    require valid-user
    Options None
    AllowOverride Limit Options FileInfo
    Require all granted
</Directory>
I checked communication based on:
kinit -k -t /etc/httpd/keytab/eonhelpdesk.keytab HTTP/eonhelpdesk.gct.com.tn
klist
Ticket cache: KEYRING:persistent:0:0
Default principal: HTTP/eonhelpdesk.gct.com.tn@GCT.COM.TN
Valid starting Expires Service principal
28/03/2018 16:54:48 29/03/2018 02:54:48 krbtgt/GCT.COM.TN@GCT.COM.TN
renew until 04/04/2018 16:54:48
[root@eonhelpdesk ~]# kvno HTTP/eonhelpdesk.gct.com.tn@GCT.COM.TN
HTTP/eonhelpdesk.gct.com.tn@GCT.COM.TN: kvno = 3
That's right, without errors.
I have updated /etc/httpd/conf.d/ssl.conf by adding:
<VirtualHost _default_:443>
DocumentRoot /srv/eyesofnetwork/glpi
ServerName eonhelpdesk.gct.com.tn
Finally, I added our FQDN to the intranet zone in IE, but unfortunately that's not enough to enable SSO.
Thanks for your time
Offline
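An added check, not part of the original post or of GLPI/EON: it audits the <Directory> block posted above under Apache 2.4 authorization rules, where sibling Require lines are ORed together. The function name and finding codes are hypothetical, and it assumes httpd 2.4 (as shipped with CentOS 7) and Require lines that are not wrapped in <RequireAll>/<RequireAny>.

```python
# Constructed sample: the <Directory> block as posted above.
POSTED = """\
<Directory /srv/eyesofnetwork/glpi>
AuthType kerberos
AuthName "kerberos authenticated"
KrbAuthRealms GCT.COM.TN
KrbMethodNegotiate ON
KrbMethodK5Passwd ON
require valid-user
Options None
Require all granted
</Directory>
"""

AUTH_REQUIRES = {"valid-user", "user", "group"}  # Require types that need a login


def audit_block(conf):
    """Return finding codes (hypothetical names) for one <Directory> block."""
    settings, requires = {}, []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":      # skip blanks, comments, section tags
            continue
        name, _, value = line.partition(" ")
        name, value = name.lower(), " ".join(value.split()).lower()
        if name == "require":
            requires.append(value)
        else:
            settings[name] = value

    kerberos = settings.get("authtype") == "kerberos"
    auth_requires = [r for r in requires if r.split(" ")[0] in AUTH_REQUIRES]
    findings = []
    if kerberos and not auth_requires:
        # Nothing demands a user, so the server never asks for a ticket.
        findings.append("NO_AUTH_REQUIRE")
    if auth_requires and "all granted" in requires:
        # Implicit RequireAny: "all granted" admits every request, so no
        # 401 Negotiate challenge is sent and the login requirement is moot.
        findings.append("ALL_GRANTED_BYPASSES_AUTH")
    if kerberos and settings.get("krbmethodk5passwd") == "on":
        # Password fallback uses Basic auth: only acceptable over TLS.
        findings.append("BASIC_PASSWORD_FALLBACK")
    return findings


if __name__ == "__main__":
    for code in audit_block(POSTED):
        print(code)
```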
Currently I'm sure that the right file is /etc/httpd/conf.d/glpi.conf, because when I changed Alias /glpi "/srv/eyesofnetwork/glpi" to Alias /glpitest "/srv/eyesofnetwork/glpi", Apache took it into account. But some tutorials mention that the path is "/usr/share/glpi"; this path does not exist for me. How can I resolve this issue? Thanks for your time and support.
Offline