LINUX.ORG.RU

Error 401 Authorization Required - Apache2, AstraLinux 1.5, ALD

 



ALD and Apache2 have been configured according to the documentation. The mandatory labels are configured. In the browser config, network.negotiate-auth.trusted-uris and network.negotiate-auth.delegation-uris are set to http://. The browser still throws the error "Authorization Required". The logs show "[client client_ip] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos". I have been fighting with this for days, please help!

File contents:

ON THE SERVER

Virtual host config

<VirtualHost *:80>
       ServerName server.postgres.ru

       ServerAdmin webmaster@localhost

        DocumentRoot /var/www/python
        WSGIScriptAlias /app /var/www/python/app.wsgi

        <Directory /var/www/python>
                AuthType Kerberos
                KrbAuthRealms REALM
                KrbServiceName HTTP/server.postgres.ru
                Krb5Keytab /etc/apache2/keytab
                KrbMethodNegotiate on
                KrbMethodK5Passwd off
                KrbSaveCredentials on
                require valid-user

        </Directory>

        LogLevel debug

        ErrorLog ${APACHE_LOG_DIR}/error.log

        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

/etc/ald/ald.conf

VERSION=1.7
# Version of ald


DOMAIN=.postgres.ru
# The name of your domain (also used as Kerberos realm in upper-case).
# Should be in the form:
# .example.com
# !NOTE! (for ald-server). If this value is changed - the server should be
# reinitialized by:
# $ ald-init init
# Or you should use the commands 'ald-init backup-ldif' and
# 'ald-init restore-backup-ldif'.


SERVER=server.postgres.ru
SERVER_ID=1
# Server identifier
# You need to make sure that the SERVER_ID of each ALD server in domain
# is different


DESCRIPTION=
# Host description

MINIMUM UID=2500

DEFAULT_LOGIN_SHELL=/bin/bash
# Default login shell


DEFAULT_LOCAL_GROUPS=users,audio,video,scanner
# Default local groups for new domain users


ALLOWED_LOCAL_GROUPS=users,audio,video,scanner,cdrom,floppy,fuse
# Local groups are allowed on this machine for domain users

TICKET_MAX_LIFE=10h
TICKET_MAX_RENEWABLE_LIFE=7d


NETWORK_FS_TYPE=cifs
# May be one of: none, nfs, cifs.
# Determines network filesystem type to store/mount home directories.
# If 'none' is set - no global filesystem is used and the following filesystem
# options are ignored.

SERVER_EXPORT_DIR=/ald_export_home
SERVER_ARCHIVE_DIR=/ald_archive_home
CLIENT_MOUNT_DIR=/ald_home
SERVER_FS_KRB_MODES=krb5i
CLIENT_FS_KRB_MODE=krb5i
SERVER_POLLING_PERIOD=600

CACHE_REFRESH_PERIOD=600
# This parameter applied only to ALD Cache Daemon. Specifies
# the cache refresh period.
UTF8_GECOS=1

SERVER_ON=1
CLIENT_ON=1

/etc/hostname

server

/etc/hosts

127.0.0.1       localhost
192.168.21.132  server.postgres.ru server

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

ON THE CLIENT

hostname astraadmin

/etc/hosts

127.0.0.1       localhost
192.168.21.134  astraadmin.postgres.ru astraadmin
192.168.21.132  server.postgres.ru server

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

The NTP server and the time are configured. What could the problem be?
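
A consistency check across the two server files posted above, added here as an example and not part of the original post: it compares `KrbAuthRealms` and `KrbServiceName` in the virtual host with the realm that the ald.conf comment says is the `DOMAIN` value in upper-case. The function names and the embedded sample text (relevant lines copied from the post) are constructed for illustration.

```python
import re

# Constructed sample input: the relevant lines copied from the post above.
VHOST = """\
<VirtualHost *:80>
    ServerName server.postgres.ru
    <Directory /var/www/python>
        AuthType Kerberos
        KrbAuthRealms REALM
        KrbServiceName HTTP/server.postgres.ru
    </Directory>
</VirtualHost>
"""
ALD_CONF = """\
DOMAIN=.postgres.ru
# The name of your domain (also used as Kerberos realm in upper-case).
"""

def apache_directives(text):
    """Map lower-cased directive name -> argument string; <Section> tags are skipped."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z0-9]*)\s+(.+?)\s*$", line)
        if m:
            out[m.group(1).lower()] = m.group(2)
    return out

def ald_settings(text):
    """Parse KEY=VALUE lines of ald.conf, ignoring comment lines."""
    lines = [l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def check(vhost_text, ald_text):
    """Return mismatches between the mod_auth_kerb settings and the ALD domain."""
    d, a = apache_directives(vhost_text), ald_settings(ald_text)
    domain = a["DOMAIN"].lower()                  # e.g. ".postgres.ru"
    expected_realm = domain.lstrip(".").upper()   # realm rule taken from the ald.conf comment
    findings = []
    realms = d.get("krbauthrealms", "").split()
    if expected_realm not in realms:
        findings.append(f"KrbAuthRealms {realms} does not include ALD realm {expected_realm}")
    _, _, host = d.get("krbservicename", "").partition("/")
    if host and host.lower() != d.get("servername", "").lower():
        findings.append(f"KrbServiceName host {host} differs from ServerName")
    if host and not host.lower().endswith(domain):
        findings.append(f"KrbServiceName host {host} is outside ALD domain {domain}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(VHOST, ALD_CONF)) or "no mismatches")
```

A reported realm mismatch is only a lead to verify: the value in the post may have been replaced with a placeholder before publishing.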