thr3ads.net - samba - [Samba] Samba4 and GSSAPI based authentication for OpenSSH [Nov 2013]

If this information is useful, please help other people find it:
Share via:

Arthur Ramsey

2013-Nov-20 22:53 UTC

[Samba] Samba4 and GSSAPI based authentication for OpenSSH

I seem to be having the same issue as 
https://lists.samba.org/archive/samba/2012-December/170426.html.  I 
don't see that he ever reached a solution.

Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS 
failure.  Minor code may provide more information\nNo key table entry 
found matching host/appdb01-qa.mediture.dom@\n
Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for 
user arthurr service ssh-connection method gssapi-with-mic
Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: attempt 2 failures 0
Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for 
user arthurr service ssh-connection method gssapi-with-mic
Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: attempt 3 failures 0
Nov 20 16:02:59 appdb01-qa sshd[31623]: debug1: userauth-request for 
user arthurr service ssh-connection method gssapi-with-mic

[arthurr at appdb01-qa]~% klist
Ticket cache: FILE:/tmp/krb5cc_16777216
Default principal: arthurr at MEDITURE.DOM

Valid starting     Expires            Service principal
11/20/13 15:59:55  11/21/13 01:59:55 krbtgt/MEDITURE.DOM at MEDITURE.DOM
     renew until 11/27/13 15:59:55
11/20/13 15:59:55  11/21/13 01:59:55  APPDB01-QA$@MEDITURE.DOM
     renew until 11/27/13 15:59:55

Samba client: 3.6.9
Samba4 PDC: 4.1.1

This was my starting place: 
https://wiki.samba.org/index.php/Authenticating_other_services_against_AD. 
I also have searched google extensively.

Any help would be appreciated.

-- 
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey at mediture.com
952.400.0323

This e-mail and any attachments may contain CONFIDENTIAL information, including
PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or
disclosure of this information is STRICTLY PROHIBITED; you are requested to
delete this e-mail and any attachments, notify the sender immediately, and
notify the Mediture Privacy Officer at privacyofficer at mediture.com.

L.P.H. van Belle

2013-Nov-21 08:27 UTC

head link

[Samba] Samba4 and GSSAPI based authentication for OpenSSH

look here, it might help you.


http://us.generation-nt.com/answer/re-samba-how-do-i-get-an-ssh-client-authenticate-samba4-kerberos-gssapi-solved-help-208138311.html
 
>-----Oorspronkelijk bericht-----
>Van: arthur_ramsey at mediture.com 
>[mailto:samba-bounces at lists.samba.org] Namens Arthur Ramsey
>Verzonden: woensdag 20 november 2013 23:53
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Samba4 and GSSAPI based authentication for OpenSSH
>
>I seem to be having the same issue as 
>https://lists.samba.org/archive/samba/2012-December/170426.html.  I 
>don't see that he ever reached a solution.
>
>Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS 
>failure.  Minor code may provide more information\nNo key table entry 
>found matching host/appdb01-qa.mediture.dom@\n
>Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for 
>user arthurr service ssh-connection method gssapi-with-mic
>Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: attempt 2 failures 0
>Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for 
>user arthurr service ssh-connection method gssapi-with-mic
>Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: attempt 3 failures 0
>Nov 20 16:02:59 appdb01-qa sshd[31623]: debug1: userauth-request for 
>user arthurr service ssh-connection method gssapi-with-mic
>
>[arthurr at appdb01-qa]~% klist
>Ticket cache: FILE:/tmp/krb5cc_16777216
>Default principal: arthurr at MEDITURE.DOM
>
>Valid starting     Expires            Service principal
>11/20/13 15:59:55  11/21/13 01:59:55 krbtgt/MEDITURE.DOM at MEDITURE.DOM
>     renew until 11/27/13 15:59:55
>11/20/13 15:59:55  11/21/13 01:59:55  APPDB01-QA$@MEDITURE.DOM
>     renew until 11/27/13 15:59:55
>
>Samba client: 3.6.9
>Samba4 PDC: 4.1.1
>
>This was my starting place: 
>https://wiki.samba.org/index.php/Authenticating_other_services_
>against_AD. 
>I also have searched google extensively.
>
>Any help would be appreciated.
>
>-- 
>Arthur Ramsey
>Systems Administrator
>Mediture
>arthur_ramsey at mediture.com
>952.400.0323
>
>This e-mail and any attachments may contain CONFIDENTIAL 
>information, including PROTECTED HEALTH INFORMATION. If you 
>are not the intended recipient, any use or disclosure of this 
>information is STRICTLY PROHIBITED; you are requested to 
>delete this e-mail and any attachments, notify the sender 
>immediately, and notify the Mediture Privacy Officer at 
>privacyofficer at mediture.com.
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

Reasonably Related Threads

Search for more reasonably related threads

samba - Nov 2013 - Samba4 and GSSAPI based authentication for OpenSSH

[Samba] Samba4 and GSSAPI based authentication for OpenSSH

[Samba] Samba4 and GSSAPI based authentication for OpenSSH

Reasonably Related Threads