Kerberos Authentication SoftNAS Prerequisites
Active Directory Prerequisites
Active Directory
- These pages assume that you have Active Directory already configured.
- These pages assume that you have created users in Active Directory.
You can find more information on Active Directory here.
Kerberos Client Packages
- Issue the following command on your SoftNAS instance to install the required packages.
Installing Kerberos Packages
sudo yum install krb5-workstation krb5-libs
Time Synchronization
- It's important to remember that all machines that will participate in Kerberos authentication must have a reliable, synchronized time source. If the difference in time between systems varies by more than roughly 5 minutes, systems will not be able to authenticate.
Host Names
- All hosts must have their hostname set to the fully qualified hostname as reported by DNS. Both forward and reverse mapping must work properly. If the host name does not match the reverse DNS lookup, Kerberos authentication will fail.
- In our example, we added the server name inside of the /etc/hosts file.
To ensure that you can reach your AD domain, issue the following command from your SoftNAS instance:
ping -c4 <your-domain-name>
Firewall Configuration
- TCP/UDP ports 88 and 464 must be open if using standard Kerberos ports