search for: gss_acquire_cred

...ave a principal for each interface, and the client to know >the name of the interface. The Kerberos client is trying to authenticate >to the host, not an interface. > >But if the host actually has multiple names, a possible change is to >pass GSS_C_NO_NAME rather then ctx->name to gss_acquire_cred. This then >leaves it upto the GSS to determine the acceptable names. In the Kerberos >case this would be any principal name that is in the keytab. > > RFC2743 says: > o desired_name INTERNAL NAME, -- NULL requests locally-determined > -- default > >If you add this ch...

On Wed, 1 Feb 2017 07:30:19 -0800 Chris Stankevitz <chrisstankevitz at gmail.com> wrote: > On Wed, Feb 1, 2017 at 1:12 AM, Rowland Penny via samba > <samba at lists.samba.org> wrote: > > He is also unlikely to be running avahi, he is using Freebsd 10.3 > > truss (like strace) showed that wbinfo, net, and sshd were all hanging > after system calls to getuid() and

...text_create failed: NT_STATUS_NOT_SUPPORTED 2. A complaint about broken pipe after starting gse_krb5. This happened multiple times. Starting GENSEC submechanism gse_krb5 Client request timed out, shutting down sock 23, pid 89266 final write to client failed: Broken pipe 3. A complainted about gss_acquire_creds. This happened multiple times. gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were supplied, or the credentials w ere unavailable or inaccessible.: unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may retry after a kinit. Failed to start GENSEC client mech gse_kr...

...D: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory e. NFSD: starting 90-second grace period f. Starting NFS mountd: OK 12) I then checked /var/log/messages to find the following log entries: a. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure. Minor code may provide more information - No principal in keytab matches desired name b. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: Unable to obtain credentials for 'nfs' c. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: unable to obtain root (machine) credentia...

...Fix a memory leak. * BUG 12727: Lookup-domain for well-known SIDs on a DC. * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids(). * BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation. o Alexander Bokovoy <ab at samba.org> * BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case. * BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4. o Amitay Isaacs <amitay at gmail.com> * BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to complete. * BUG 12723: ctdb_event monitor command crashes if...

...Fix a memory leak. * BUG 12727: Lookup-domain for well-known SIDs on a DC. * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids(). * BUG 12729: winbindd: Trigger possible passdb_dsdb initialisation. o Alexander Bokovoy <ab at samba.org> * BUG 12611: credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case. * BUG 12690: lib/crypto: Implement samba.crypto Python module for RC4. o Amitay Isaacs <amitay at gmail.com> * BUG 12697: ctdb-readonly: Avoid a tight loop waiting for revoke to complete. * BUG 12723: ctdb_event monitor command crashes if...

...o create krb5 context for user with uid 0 with any credentials cache for server triangulum.ifm.liu.se The machines that can mount the disk differ slightly in what they log. Some log nothing, others this: Oct 19 13:26:01 pc14113 rpc.gssd[2793]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure. Minor code may provide more information - Unknown code krb5 195 Oct 19 13:26:01 pc14113 rpc.gssd[2793]: WARNING: Failed to create krb5 context for user with uid 121 for server triangulum.ifm.liu.se Note that there is still an error logged...

Hi, This is another attempt to get my gssapi for multi homed systems into openssh. Please find attach a small change so that gssapi authentication works on multihomed systems. Regards Markus -------------- next part -------------- A non-text attachment was scrubbed... Name: openssh-3.8p1-mm.diff Type: application/octet-stream Size: 3599 bytes Desc: not available Url :

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi All, I've got a problem with kerberoized NFS server , i can't start rpc.svcgssd daemon on my server. shaver ~ # rpc.svcgssd -fvvv ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure. Minor code may provide more information - No principal in keytab matches desired name Unable to obtain credentials for 'nfs' unable to obtain root (machine) credentials do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?...

Having problems with rfc2307 user ids. This was working briefly and now it’s not. samba and winbind v 2.4.2.10+dfs wbinfo -u lists all the domain users wbinfo -g lists all the domain groups getent group lists all the local groups and the AD domain groups that have a UNIX gid set getent passwd lists only the local users, then pauses for a moment, then nothing. AD users can’t log in and can’t

...cess. I have also some errors showing up with a high level of debug for winbind: [2016/07/25 23:15:24.221239, 5] ../auth/gensec/gensec_start.c:672(gensec_start_mech) Starting GENSEC submechanism gse_krb5 [2016/07/25 23:15:24.263941, 5] ../source3/librpc/crypto/gse.c:265(gse_init_client) gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were supplied, or the credentials were unavailable or inaccessible.: unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may retry after a kinit. [2016/07/25 23:15:24.264068, 4] ../auth/gensec/gensec_start.c:679(gensec_start_mech) F...

...mssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were supplied, or the credentials were unavailable or inaccessible.: unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may retry after a kinit. Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR SPNEGO login failed: A...

Dear all, I am trying to setup Dovecot with GSSAPI support. For testing purposes gssapi is the only method allowed for login. As I cannot login to my mailbox, I'vo got two questions about the following log entries: dovecot: Info: auth-worker(default): passwd-file /dovecot/store/db/test-userdb: Read 3 users dovecot: Info: auth(default): new auth connection: pid=3915 dovecot: Info:

Would OpenSSH be willing to accept a modification similar to the one below to replace the kafs modification to get an AFS PAG and token? The nice features of this are that it can be compiled in even if OpenAFS is not available. At runtime if the dynamic library is present, it can be loaded and called. A dynamic lib is used so the setpag is in the same process. It has been reported that the

Dear Rowland Strange thing is that I do not receive notification on my email about your answers. Here we run an internal DNS. Samba was configured with Bind 9 as secondary DNS. When I put in domain.local settings, it is because we omit the company name. But the name of my domain ends with .local. I disabled Avahi daemon. When I try to run the command you quoted: smbclient -k -L

...known SIDs on a DC. > > * BUG 12728: winbindd: Fix error handling in rpc_lookup_sids(). > > * BUG 12729: winbindd: Trigger possible passdb_dsdb > initialisation. > > > > o Alexander Bokovoy <ab at samba.org> > > * BUG 12611: credentials_krb5: use gss_acquire_cred for > client-side GSSAPI > > use case. > > * BUG 12690: lib/crypto: Implement samba.crypto Python > module for RC4. > > > > o Amitay Isaacs <amitay at gmail.com> > > * BUG 12697: ctdb-readonly: Avoid a tight loop waiting > for revoke to...

...mssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were supplied, or the credentials were unavailable or inaccessible.: unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may retry after a kinit. Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR SPNEGO login failed: A...

Sorry, i come back to this topic in a different thread, because i'm still totally puzzled with the previuous one. Louis, sorry me. ;( I've tried to start with this, that seems very simple: https://wiki.debian.org/NFS/Kerberos And so i've done: a) installed 'nfs-kernel-server' on server, 'nfs-common' on client. Ok, this is easy. b) AFAI've understood i need

Hello, After each reboot, my Samba AD member server lost domain join after reboot, I have to re-enter the server in the domain with the "net ads join -U administrator". I use version 4.4.3 of samba. The domain controller is a Samba AD server. After reboot, when I exectute "net ads testjoin" I have: kerberos_kinit_password SMB2$@AD.SAMDOM.LOCAL failed: failed

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |