Arthur Ramsey
2013-Nov-20 22:53 UTC
[Samba] Samba4 and GSSAPI based authentication for OpenSSH
I seem to be having the same issue as https://lists.samba.org/archive/samba/2012-December/170426.html. I don't see that he ever reached a solution. Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS failure. Minor code may provide more information\nNo key table entry found matching host/appdb01-qa.mediture.dom@\n Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for user arthurr service ssh-connection method gssapi-with-mic Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: attempt 2 failures 0 Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for user arthurr service ssh-connection method gssapi-with-mic Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: attempt 3 failures 0 Nov 20 16:02:59 appdb01-qa sshd[31623]: debug1: userauth-request for user arthurr service ssh-connection method gssapi-with-mic [arthurr at appdb01-qa]~% klist Ticket cache: FILE:/tmp/krb5cc_16777216 Default principal: arthurr at MEDITURE.DOM Valid starting Expires Service principal 11/20/13 15:59:55 11/21/13 01:59:55 krbtgt/MEDITURE.DOM at MEDITURE.DOM renew until 11/27/13 15:59:55 11/20/13 15:59:55 11/21/13 01:59:55 APPDB01-QA$@MEDITURE.DOM renew until 11/27/13 15:59:55 Samba client: 3.6.9 Samba4 PDC: 4.1.1 This was my starting place: https://wiki.samba.org/index.php/Authenticating_other_services_against_AD. I also have searched google extensively. Any help would be appreciated. -- Arthur Ramsey Systems Administrator Mediture arthur_ramsey at mediture.com 952.400.0323 This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately, and notify the Mediture Privacy Officer at privacyofficer at mediture.com.
L.P.H. van Belle
2013-Nov-21 08:27 UTC
[Samba] Samba4 and GSSAPI based authentication for OpenSSH
look here, it might help you. http://us.generation-nt.com/answer/re-samba-how-do-i-get-an-ssh-client-authenticate-samba4-kerberos-gssapi-solved-help-208138311.html>-----Oorspronkelijk bericht----- >Van: arthur_ramsey at mediture.com >[mailto:samba-bounces at lists.samba.org] Namens Arthur Ramsey >Verzonden: woensdag 20 november 2013 23:53 >Aan: samba at lists.samba.org >Onderwerp: [Samba] Samba4 and GSSAPI based authentication for OpenSSH > >I seem to be having the same issue as >https://lists.samba.org/archive/samba/2012-December/170426.html. I >don't see that he ever reached a solution. > >Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS >failure. Minor code may provide more information\nNo key table entry >found matching host/appdb01-qa.mediture.dom@\n >Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for >user arthurr service ssh-connection method gssapi-with-mic >Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: attempt 2 failures 0 >Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: userauth-request for >user arthurr service ssh-connection method gssapi-with-mic >Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1: attempt 3 failures 0 >Nov 20 16:02:59 appdb01-qa sshd[31623]: debug1: userauth-request for >user arthurr service ssh-connection method gssapi-with-mic > >[arthurr at appdb01-qa]~% klist >Ticket cache: FILE:/tmp/krb5cc_16777216 >Default principal: arthurr at MEDITURE.DOM > >Valid starting Expires Service principal >11/20/13 15:59:55 11/21/13 01:59:55 krbtgt/MEDITURE.DOM at MEDITURE.DOM > renew until 11/27/13 15:59:55 >11/20/13 15:59:55 11/21/13 01:59:55 APPDB01-QA$@MEDITURE.DOM > renew until 11/27/13 15:59:55 > >Samba client: 3.6.9 >Samba4 PDC: 4.1.1 > >This was my starting place: >https://wiki.samba.org/index.php/Authenticating_other_services_ >against_AD. >I also have searched google extensively. > >Any help would be appreciated. > >-- >Arthur Ramsey >Systems Administrator >Mediture >arthur_ramsey at mediture.com >952.400.0323 > >This e-mail and any attachments may contain CONFIDENTIAL >information, including PROTECTED HEALTH INFORMATION. If you >are not the intended recipient, any use or disclosure of this >information is STRICTLY PROHIBITED; you are requested to >delete this e-mail and any attachments, notify the sender >immediately, and notify the Mediture Privacy Officer at >privacyofficer at mediture.com. > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >