Hello
I run the new DokuWiki Greebo on a Debian 10 Buster with Apache 2.4.
After the installation and configuration, I wanted to enable SSO for my DokuWiki. Well, everything worked fine until then.
I followed these instructions:
https://www.dokuwiki.org/auth:ad
So klist and kinit worked fine.
Then, when I return to my DokuWiki site, I get a popup to log in with my AD account.
Nothing happens after I enter my credentials.
When I go to the Apache error.log, I get this message:
[auth_kerb:error] [pid 14895] [client 192.168.2.50:60778] failed to verify krb5 credentials: KDC has no support for encryption type
So I googled this message, and all I came up with was that I have to allow all encryption types. So I allowed all encryption with the following Group Policy:
Network Security: Configure encryption types allowed for Kerberos
Unfortunately, that didn't help either.
I also get the error when I type:
kvno HTTP/dokuwiki.kefo.loc@KEFO.LOC
About the DNS:
DNS resolution works fine. The DokuWiki hostname is vmLF01, but its alias is dokuwiki.kefo.loc. The servers are in an isolated network, so they can ping each other without problems.
Here are my config files:
krb5.conf

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
[libdefaults]
    default_realm = KEFO.LOC
    ticket_lifetime = 24h
    forwardable = yes
[realms]
    KEFO.LOC = {
        default_domain = kefo.loc
        kdc = windowsserver.kefo.loc
        admin_server = windowsserver.kefo.loc
    }
[domain_realm]
    .kefo.loc = KEFO.LOC
    dokuwiki.kefo.loc = KEFO.LOC
    kefo.loc = KEFO.LOC
[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

000-default.conf

<VirtualHost *:80>
    #ServerName dokuwiki.kefo.loc
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/dokuwiki
    <Directory "/var/www/dokuwiki">
        # Kerberos Auth
        AuthType Kerberos
        KrbAuthRealms KEFO.LOC
        KrbServiceName HTTP/dokuwiki.kefo.loc
        Krb5Keytab /etc/dokuwiki.HTTP.keytab
        KrbMethodNegotiate on
        KrbMethodK5Passwd on
        require valid-user
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Thanks for your help.
Greetings
Kev