How To Basic Connect Linux
Legacy application; see local Tech Support. This process expires December 2009.
- Connect with SMB Client
  - Configure your /etc/krb5.conf
  - Firewall Rules
  - Request a Kerberos Ticket
  - Close your connection and destroy active Kerberos tickets
- Connecting With Konqueror
  - Configure /etc/krb5.conf
  - Open Required Ports in the Firewall
  - Initiate a Kerberos session
  - Navigate to AD Server/Share with Konqueror
  - Destroy your Kerberos tickets
Connect with SMB Client
Configure your /etc/krb5.conf
On FedoraCore4, modify /etc/krb5.conf and add the following to the [libdefaults] and [realms] sections:
[libdefaults]
default_realm = UMN.EDU
dns_fallback = yes
ticket_lifetime = 600
[realms]
UMN.EDU = {
admin_server = krb-w.tc.umn.edu.
kdc = krb-w.tc.umn.edu.:88
}
Firewall Rules
On FedoraCore4 with iptables running and configured to restrict access, the rules you will need to add to your configuration are something like this:
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 88 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 464 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 464 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 749 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 4444 -j ACCEPT
In other words, you must open the following ports in your firewall to allow the Kerberos handshake to take place:
- UDP/88
- TCP/749
- TCP/464
- UDP/464
- UDP/4444
Request a Kerberos Ticket
Use kinit to request a Kerberos ticket for your InternetID in the UMN.EDU domain:
[user@linux ~]$ kinit user@UMN.EDU
Password for user@UMN.EDU:
[user@linux ~]$
Use smbclient to connect to a given SERVER / SHARENAME with your Kerberos credentials (the -k option in smbclient):
[user@linux ~]$ smbclient //{servername}.ad.umn.edu/{sharename} -k
OS=[Windows Server 2003 3790 Service Pack 1] Server=[Windows Server 2003 5.2]
smb: \>
We are now connected and can view the contents of the share:
smb: \> ls
. D 0 Fri Sep 30 09:43:40 2005
.. D 0 Fri Sep 30 09:43:40 2005
1Help D 0 Wed Sep 7 10:57:41 2005
Accounting D 0 Fri Sep 16 08:24:37 2005
DMC D 0 Thu Jan 12 13:41:31 2006
FAST D 0 Tue Aug 30 08:24:53 2005
FrontOffice D 0 Tue Feb 28 15:01:04 2006
Marketing&Communications D 0 Fri Sep 30 10:27:46 2005
Projects D 0 Thu Aug 25 09:16:10 2005
Software D 0 Tue Sep 20 12:25:28 2005
Users D 0 Thu Feb 9 11:10:35 2006
UTTC D 0 Fri Jan 13 08:29:00 2006
63996 blocks of size 8388608. 43720 blocks available
smb: \> ?
Close your connection and destroy active Kerberos tickets
smb: \> quit
[user@linux ~]$ kdestroy -5
[user@linux ~]$
You can verify that the tickets were indeed removed by attempting to connect with smbclient and your Kerberos credentials:
[user@linux ~]$ smbclient //.ad.umn.edu/ -k
spnego_gen_negTokenTarg failed: No credentials cache found
session setup failed: SUCCESS - 0
[user@linux ~]$
Or using klist:
[user@linux ~]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_500)
Kerberos 4 ticket cache: /tmp/tkt500
klist: You have no tickets cached
[user@linux ~]$
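The kinit, smbclient -k and kdestroy steps above can be wrapped so the ticket is destroyed even when the session fails or is interrupted. This is an added example, not part of the original guide; the helper name ad_share_session, the script file name and the private cache name krb5cc_share.XXXXXX are assumptions, and klist -s is the MIT Kerberos silent check.

```shell
#!/bin/sh
# Added example, not from the original guide. ad_share_session is a
# hypothetical helper name; kinit, smbclient -k, kdestroy and klist -s
# (MIT Kerberos) are the real client tools used in the steps above.

# Runs in a subshell "( ... )" so KRB5CCNAME and the trap stay local.
ad_share_session() (
    principal=$1   # e.g. user@UMN.EDU
    share=$2       # e.g. //{servername}.ad.umn.edu/{sharename}

    # Private cache file (created mode 0600 by mktemp) instead of the
    # default /tmp/krb5cc_<uid>, so cleanup touches only this session.
    ccfile=$(mktemp "${TMPDIR:-/tmp}/krb5cc_share.XXXXXX") || exit 3
    KRB5CCNAME="FILE:$ccfile"
    export KRB5CCNAME

    cleanup() { kdestroy >/dev/null 2>&1; rm -f "$ccfile"; }
    # Ctrl-C, hangup or kill: still destroy the ticket before leaving.
    trap 'cleanup; exit 130' INT HUP TERM

    rc=0
    if kinit "$principal"; then
        smbclient "$share" -k || rc=1    # 1 = SMB session failed
    else
        rc=2                             # 2 = no ticket obtained
    fi

    cleanup
    # klist -s is silent and exits 0 only while a valid ticket is cached.
    if klist -s 2>/dev/null; then
        echo "ticket still cached in $KRB5CCNAME" >&2
        rc=4
    fi
    exit "$rc"
)

# Run directly (hypothetical file name):
#   sh ad_share_session.sh user@UMN.EDU //{servername}.ad.umn.edu/{sharename}
if [ "$#" -eq 2 ]; then
    ad_share_session "$1" "$2"
fi
```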
Connecting With Konqueror
Configure /etc/krb5.conf
Follow these instructions for configuring your Kerberos realms and libdefaults: UMNActiveDirectory.ConnectingToADWithKerberosOnLinuxWithSMBClient#Configure_your_etc_krb5_conf
Open Required Ports in the Firewall
Follow the instructions for opening the firewall here: UMNActiveDirectory.ConnectingToADWithKerberosOnLinuxWithSMBClient#Firewall_Rules
Initiate a Kerberos session
With kinit:
> kinit user@UMN.EDU
Password for user@UMN.EDU:
>
Or by using the krb5 application that is part of gnome-kerberos.
Navigate to AD Server/Share with Konqueror
Open a new Konqueror window and enter the appropriate smb://servername/sharename, e.g. smb://fseb1.ad.umn.edu/OIT_ADCS
Destroy your Kerberos tickets
With kdestroy:
> kdestroy -5