Произведена настройка ALD и Apache2 согласно документации. Мандатные метки настроены. В конфиге браузера для параметров network.negotiate-auth.trusted-uris и network.negotiate-auth.delegation-uris прописано значение http://. Тем не менее в браузере появляется ошибка «Authorization Required». В логах: «[client client_ip] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos». Уже который день бьюсь, помогите, пожалуйста!
Содержимое файлов:
НА СЕРВЕРЕ
Конфиг виртуального хоста
# Virtual host on port 80 that serves a WSGI application from /var/www/python
# and requires Kerberos authentication for everything under that directory.
# NOTE(review): no TLS directive appears in this vhost, so the Negotiate
# exchange and the application traffic both travel over cleartext HTTP.
<VirtualHost *:80>
ServerName server.postgres.ru
ServerAdmin webmaster@localhost
DocumentRoot /var/www/python
# /app is mapped to the WSGI script, which sits inside the protected directory.
WSGIScriptAlias /app /var/www/python/app.wsgi
<Directory /var/www/python>
AuthType Kerberos
# NOTE(review): "REALM" looks like a placeholder. The ald.conf in this post
# says the Kerberos realm is the domain in upper case (DOMAIN=.postgres.ru);
# confirm the real realm name is what is configured here.
KrbAuthRealms REALM
# Service principal the module authenticates as. Presumably the keytab must
# hold a key for exactly this principal, and the browser must reach the site
# under this host name - verify with klist -k on the keytab.
KrbServiceName HTTP/server.postgres.ru
# NOTE(review): the keytab holds the service's long-term key; it should be
# readable by the Apache worker account and by no other non-root user.
Krb5Keytab /etc/apache2/keytab
# Negotiate (ticket-based) authentication is enabled and the password fallback
# is disabled, so no Kerberos password is sent to this cleartext vhost.
KrbMethodNegotiate on
KrbMethodK5Passwd off
# Keeps the credentials the client delegates so the request handler can use
# them. NOTE(review): this only matters when the browser delegates tickets,
# and the post sets network.negotiate-auth.delegation-uris to the bare scheme
# "http://"; presumably that matches every plain-HTTP site - consider
# restricting both browser preferences to this server's name. TODO confirm.
KrbSaveCredentials on
require valid-user
</Directory>
# Debug level is what makes the module emit the "kerb_authenticate_user entered
# with user (NULL)" trace quoted in the post. NOTE(review): that line appears to
# be logged on entry, before any ticket is checked, so by itself it probably is
# not the error - look at the log lines that follow it. Lower the level again
# after troubleshooting.
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
/etc/ald/ald.conf
# ALD (Astra Linux Directory) settings, shown in the post as the server's
# /etc/ald/ald.conf. In this file each comment follows the key it describes.
VERSION=1.7
# Version of ald
DOMAIN=.postgres.ru
# The name of your domain (also used as Kerberos realm in upper-case).
# Should be in the form:
# .example.com
# !NOTE! (for ald-server). If this value is changed - the server should be
# reinitialized by:
# $ ald-init init
# Or you should use the commands 'ald-init backup-ldif' and
# 'ald-init restore-backup-ldif'.
SERVER=server.postgres.ru
# Presumably the FQDN of the ALD server; the same name is used in the Apache
# KrbServiceName and in the /etc/hosts entries shown in this post.
SERVER_ID=1
# Server identifier
# You need to make sure that the SERVER_ID of each ALD server in domain
# is different
DESCRIPTION=
# Host description
MINIMUM UID=2500
# NOTE(review): every other key in this file is written with underscores;
# "MINIMUM UID" with a space is probably MINIMUM_UID mangled by the paste -
# confirm against the real file.
DEFAULT_LOGIN_SHELL=/bin/bash
# Default login shell
DEFAULT_LOCAL_GROUPS=users,audio,video,scanner
# Default local groups for new domain users
ALLOWED_LOCAL_GROUPS=users,audio,video,scanner,cdrom,floppy,fuse
# Local groups are allowed on this machine for domain users
TICKET_MAX_LIFE=10h
TICKET_MAX_RENEWABLE_LIFE=7d
# Presumably the maximum lifetime and renewable lifetime of Kerberos tickets
# in the domain - confirm in the ALD documentation.
NETWORK_FS_TYPE=cifs
# May be one of: none, nfs, cifs.
# Determines network filesystem type to store/mount home directories.
# If 'none' is set - no global filesystem is used and the following filesystem
# options are ignored.
SERVER_EXPORT_DIR=/ald_export_home
SERVER_ARCHIVE_DIR=/ald_archive_home
CLIENT_MOUNT_DIR=/ald_home
SERVER_FS_KRB_MODES=krb5i
CLIENT_FS_KRB_MODE=krb5i
# krb5i conventionally means Kerberos authentication with integrity protection
# but without encryption of the data. NOTE(review): confirm that is acceptable
# for the home directories mounted under CLIENT_MOUNT_DIR.
SERVER_POLLING_PERIOD=600
CACHE_REFRESH_PERIOD=600
# This parameter applied only to ALD Cache Daemon. Specifies
# the cache refresh period.
UTF8_GECOS=1
SERVER_ON=1
CLIENT_ON=1
/etc/hostname
server
/etc/hosts
# Static name resolution on the server. The FQDN server.postgres.ru is bound to
# 192.168.21.132, not to a loopback address; it is the same host name that the
# Apache config in this post uses in KrbServiceName.
127.0.0.1 localhost
192.168.21.132 server.postgres.ru server
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
НА КЛИЕНТЕ
hostname astraadmin
/etc/hosts
# Static name resolution on the client: its own FQDN and the server's FQDN are
# both pinned here. NOTE(review): the browser presumably derives the service
# principal it requests from the host name in the URL, so the site would have
# to be opened as server.postgres.ru rather than by IP address or short name -
# confirm.
127.0.0.1 localhost
192.168.21.134 astraadmin.postgres.ru astraadmin
192.168.21.132 server.postgres.ru server
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
NTP сервер и время настроены. В чем может быть проблема?