Displaying 18 results from an estimated 18 matches for "eku".
Did you mean:
edu
2010 Oct 18
1
Setting up Samba4 - lots of implementation questions esp re. PKI and SSO
...s/10-kornievskaia-pkinit-interop.pdfwhich
seems quite detailed and covers quite a bit, in particular it mentions
this:
-------QUOTE----------------------------------------------------------
CLIENT IDENTITY
- Kerberos principal name encoded in X509 SAN
- Mapping facility at the KDC
- Must have X509 EKU fields
--------/QUOTE----------------------------------------------------------
So to handle those one at a time, principal name for a user would just be
their username on the domain, or would it be the full CN like
paul at mydomain.com ?
Then for a service (I've read
http://technet.microsoft....
2020 Nov 20
0
Smartcard logon issue with pam_winbind and Kerberos auth
...hat I was able to gather, Winbind doesn't support smart card auth. To my surprise, I was able to authenticate without pam_pkcs11 or pam_krb5 in my PAM stack, using only pam_winbind, after I've added config like this into /etc/krb5.conf:
```
EXAMPLE.COM = {
pkinit_cert_match = &&<EKU>msScLogin,<KU>digitalSignature
pkinit_eku_checking = kpServerAuth
pkinit_identities = PKCS11:/usr/lib64/pkcs11/opensc-pkcs11.so
pkinit_kdc_hostname = example.com
}
[appdefaults]
pam = {
mappings = ^EXAMPLE\\(.*)$ $1 at EXAMPLE.COM
}
```
>From what I understand, that works because I ha...
2011 Dec 31
0
[PATCH] i.d.s/openvpn: support 'remote-cert-tls (server|client)'
...igit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? \+\+ Certificate has key usage ([0-9a-f]{4}), expects \4$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? \+\+ Certificate has EKU \(str\) TLS Web (Client|Server) Authentication, expects TLS Web \4 Authentication$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]:( ([-_.@[:alnum:]]+/)?[.[:digit:]]{7,15}:[[:digit:]]{2,5})? VERIFY (|E)KU OK$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (openvp...
2015 Jan 07
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
My krb5.conf is:
[libdefaults]
default_realm = EXAMPLE.LAN
dns_lookup_realm = false
dns_lookup_kdc =...
2015 Jan 09
4
Use Samba with ACL for read Active Directory and set Permissions via it.
..._tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
> My krb5.conf is:
>
> [libdefaults]
> default_realm = EXAMPLE.LAN
> dns_loo...
2015 Jan 06
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>>> pkinit_kdc_hostname = <DNS>
>>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>>> pkinit_eku_checking = kpServerAuth
>>> pkinit_win2k_require_binding = false
>>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>>
>>> [realms]
>>> EXAMPLE.COM = {
>>> kdc = kerberos.example.co...
2015 Jan 07
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
pkinit_kdc_hostname = <DNS>
pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
pkinit_eku_checking = kpServerAuth
pkinit_win2k_require_binding = false
pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
and removed "krb5.keytab" too. You told me that my domain name is "jasondomaini" but it is wrong, My domain name is &q...
2015 Jan 09
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
My krb5.conf is:
[libdefaults]
default_realm = EXAMPLE.LAN
dns_lookup_realm = false
dns_lookup_kdc =...
2015 Jan 19
0
Did you get my previous email? Not Spam.
...default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> # preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> # pkinit_kdc_hostname = <DNS>
> # pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> # pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> # pkinit_eku_checking = kpServerAuth
> # pkinit_win2k_require_binding = false
> # pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Thank you so much and Please l...
2015 Jan 12
0
Use Samba with ACL for read Active Directory and set Permissions via it.
..._tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
> My krb5.conf is:
>
> [libdefaults]
> default_realm = EXAMPLE.LAN
> dns_loo...
2015 Jan 10
0
Use Samba with ACL for read Active Directory and set Permissions via it.
..._tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
> My krb5.conf is:
>
> [libdefaults]
> default_realm = EXAMPLE.LAN
> dns_loo...
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
> [realms]
> EXAMPLE.COM = {
> kdc = kerberos.example.com
> admin_server = kerberos.example.com
> }
> J...
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
..._tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
>> [realms]
>> EXAMPLE.COM = {
>> kdc = kerberos.example.com
>> admin_server = ke...
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
pkinit_kdc_hostname = <DNS>
pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
pkinit_eku_checking = kpServerAuth
pkinit_win2k_require_binding = false
pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com
admin_server = kerberos.example.com
}
JASONDOMAIN.JJ = {
auth_to_local = RULE:[1:$0\$1](...
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
> [realms]
> EXAMPLE.COM = {
> kdc = kerberos.example.com
> admin_server = kerberos.example.com
> }
> J...
2015 Jan 06
0
Use Samba with ACL for read Active Directory and set Permissions via it.
..._tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
>> [realms]
>> EXAMPLE.COM = {
>> kdc = kerberos.example.com
>> admin_server = ke...
2015 Jan 04
2
Use Samba with ACL for read Active Directory and set Permissions via it.
On 04/01/15 13:00, Rowland Penny wrote:
> On 04/01/15 10:17, Jason Long wrote:
>> Thanks a lot.
>> I enter the command and result is :
>>
>> Using short domain name -- JASONDOMAINI
>> Joined 'PRINTMAH' to dns domain 'JASONDOMAIN.JJ'
>> but after run "net rpc testjoin" :
>>
>> Unable to find a suitable server for domain
2011 Apr 22
1
mgcv won't load
Hi,
I'm getting the following error when I try and load mgcv:
> library(mgcv)
Error in dyn.load(file, DLLpath = DLLpath, ...) :
unable to load shared object '/usr/lib/R/library/Matrix/libs/Matrix.so':
/usr/lib/R/library/Matrix/libs/Matrix.so: undefined symbol: R_check_class_and_super
Error: package/namespace load failed for 'mgcv'
I thought there might be a mismatch