Displaying 20 results from an estimated 143 matches for "gssapiauthentication".
2018 May 05
0
GSSAPIAuthentication needs krb5.keytabe on one config, not on another one
...works fine, and it took me a lot of
searches and test/try to
make it that way.
Now, I'm trying to repeat the configuration on another server (both are
identical VMs) and I nearly
achieve the same goal, except for this : on the second setup, I have to
manually generate
/etc/krb5.keytab for the GSSApiAuthentication to work. This is annoying,
because I have to do this
for every user I add.
Alas, I don't remember all the tweaks I made on my first setup, and can't
figure out where the
difference is... The only thing I notice is samba version 4.8.0 on the
first machine, 4.8.1 on the
second one, but I don&...
2018 Dec 01
3
Cannot log into Samba4 AD/DC with ssh as domain user
...r, I have tried logging into the Samba4 AD server as a
domain user:
labmac:~ mark$ ssh mark at mail pwd
mark at mail's password:
Permission denied, please try again.
where 'mail' is the AD/DC.
It also fails if I am on the AD/DC an try the same ssh.
I've tried setting either the GSSAPIAuthentication or KerberosAuthentication in
/etc/ssh/sshd_config, but those don't help. I get:
Dec 1 06:09:19 mail sshd[8645]: rexec line 89: Unsupported option GSSAPIAuthentication
Dec 1 06:09:19 mail sshd[8645]: reprocess config line 89: Unsupported option GSSAPIAuthentication
Dec 1 06:09:22 mail sshd[8...
2018 Dec 02
2
Cannot log into Samba4 AD/DC with ssh as domain user
...t; > > > Permission denied, please try again.
> > > >
> > > > where 'mail' is the AD/DC.
> > > >
> > > > It also fails if I am on the AD/DC an try the same ssh.
> > > >
> > > > I've tried setting either the GSSAPIAuthentication or
> > > > KerberosAuthentication in /etc/ssh/sshd_config, but those don't
> > > > help. I get:
Stop here. If you have root privileges, add a *local* account on the
relevant system, and log in using the Kerberos credentials. If those
don't work, you have other issue...
2018 Dec 01
0
Cannot log into Samba4 AD/DC with ssh as domain user
...mark at mail's password:
> > > Permission denied, please try again.
> > >
> > > where 'mail' is the AD/DC.
> > >
> > > It also fails if I am on the AD/DC an try the same ssh.
> > >
> > > I've tried setting either the GSSAPIAuthentication or
> > > KerberosAuthentication in /etc/ssh/sshd_config, but those don't
> > > help. I get:
> > >
> > > Dec 1 06:09:19 mail sshd[8645]: rexec line 89: Unsupported option
> > > GSSAPIAuthentication Dec 1 06:09:19 mail sshd[8645]: reprocess
> >...
2007 May 06
2
[Bug 1312] Add short command-line option -K for activating GSSAPIDelegateCredentials
...mindrot.org
ReportedBy: Markus.Kuhn at cl.cam.ac.uk
I would like to propose the addition of a new command-line option to
the OpenSSH client program "ssh":
-K Enables both GSSAPI authentication and forwarding of
GSSAPI credentials to server (equivalent to options
GSSAPIAuthentication=yes and GSSAPIDelegateCredentials=yes)
Reason:
When logging in to servers that use Kerberized NFS, it is not possible
to use publickey authentication, because ~/.ssh/authorized_keys is not
available at the time of login. In such environments, which become
increasingly common due to security worri...
2014 May 25
2
Samba 4 / Kerberos / ssh
...ervice principle to connect to the other domain controller. I know for that i need a working /etc/krb5.keytab
e.g. i have two s4 dc's
bob
alice
i have done the following. I want to connect from bob to alice with the service accounts
I added to the following to both of the dcs
sshd_config
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIStrictAcceptorCheck yes
GSSAPIKeyExchange yes
ssh_config
GSSAPIAuthentication yes
GSSAPIDelegationCredentials yes
GSSAPIKeyExchange yes
GSSAPITrustDNS yes
After that i created the keytab i know i need an working ticket
Samba-tool domain exportkeytab /etc/kr...
2006 Jul 10
1
[Bug 944] ssh_config missing default configuration values for GSSAPI
...around and enabling the variables
in
/etc/ssh/sshd_config it turned out the *client* lacked the variables in
/etc/ssh/ssh_config, which would instruct it to try gssapi. Please add
to /etc/ssh/ssh_config these two lines:
# Instruct ssh(1) client to attempt GSSAPI authentication, see
ssh_config(5)
# GSSAPIAuthentication yes
# GSSAPIDelegateCredentials yes
</quote>
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2007 Sep 30
2
Central principal->user@host management?
[Apologies if this is an off-topic question; please direct me to a more
appropriate place if so.]
Using Kerberos/GSSAPIAuthentication, is there a way to centrally
control/manage (perhaps using LDAP?) which user principals can log into what
hosts/accounts?
--
Jos Backus
jos at catnook.com
2015 Feb 23
2
help with negative patterns in Match
...ig:
#general config
#...
Match User foo LocalAddress 10.0.0.1,fe80:abba::0
PasswordAuthentication no
KbdInteractiveAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
RSAAuthentication no
PubkeyAuthentication yes
Match User foo LocalAddress !10.0.0.1,!fe80:abba::0
PasswordAuthentication no
KbdInteractiveAuthentication no
RhostsRSAAuthentication no
Hostbase...
2015 Feb 26
2
Samba4 SSH SSSD-AD Problem
...es = nss, pam
config_file_version = 2
domains = $DOMAINNAME$
[nss]
[pam]
[domain/$DOMAINNAME$]
id_provider = ad
access_provider = ad
ldap_id_mapping=false
krb5_keytab=/etc/krb5.keytab
And sshd with to following sshd_config:
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIStrictAcceptorCheck no
GSSAPIStoreCredentialsOnRekey yes
UsePAM yes
X11Forwarding yes
UseDNS no
Subsystem sftp /usr/lib/ssh/sftp-server
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS...
2006 Feb 10
0
OpenSSH ControlAllowUsers, et al Patch
...ControlMaster
ControlPath
+ ControlBindMask
+ ControlAllowUsers
+ ControlAllowGroups
+ ControlDenyUsers
+ ControlDenyGroups
GlobalKnownHostsFile
GSSAPIAuthentication
GSSAPIDelegateCredentials
Index: scp.1
===================================================================
--- scp.1 (revision 15802)
+++ scp.1 (revision 15803)
@@ -130,6 +130,11 @@
.It ConnectTimeout
.It ControlMaster
.It ControlPath
+.It ControlBindMask
+.It ControlAllowUse...
2008 Apr 04
7
User-specific sshd_config?
Hi.
I wonder if it would be possible to implement support for a
user-specific sshd_config. The primary reason is that I would like the
ability to specify that I'm only allowed to login with a key pair, even
though the system-wide sshd configuration still allows passwords for
other users.
Of course, a user-specific sshd_config file should not be able to break
the security policy of the
2018 Dec 02
2
Cannot log into Samba4 AD/DC with ssh as domain user
...> > > > >
> > > > > > where 'mail' is the AD/DC.
> > > > > >
> > > > > > It also fails if I am on the AD/DC an try the same ssh.
> > > > > >
> > > > > > I've tried setting either the GSSAPIAuthentication or
> > > > > > KerberosAuthentication in /etc/ssh/sshd_config, but those
> > > > > > don't help. I get:
> > > > > >
> > > > > > Dec 1 06:09:19 mail sshd[8645]: rexec line 89: Unsupported option
> > > > > >...
2009 May 06
1
Kerberos and 2008 AD troubles
...QDN of the machine with the AD DNS name
/etc/krb5.conf: Added AD realm info
/etc/samba/smb.conf: All AD info entered correctly
Net ads join: OK
Wbinfo -u/g: Shows all users and groups in the domain
Pam_winbind: Allows users to login to the console or through SSH
(password)
/etc/ssh/sshd_conf: GSSAPIAuthentication yes
/etc/ssh/ssh_conf (on remote machine configured exactly the same):
GSSAPIAuthentication yes and GSSAPIDelegateCredentials no
Same error on Debain Lenny using Samba 3.2.5 and Debain Squeeze using
Samba 3.3.3
/etc/samba/smb.conf:
[global]...
2012 Jul 09
2
How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?
Hi,
I am doing some kerberos testing with samba4 using ssh. I have setup
samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and
active directory seems to be working both with Windows and Linux clients.
ssh unfortunately is not kerberos authenticating via GSSAPI. The client
krb5.conf contains this:
=====================================================
[libdefaults]
2019 Jan 15
4
SSH SSO without keytab file
Hai,
Lets start here.
Handy for us to know.
OS?
Samba version?
AD or member setup?
And I suggest, set this in the ssh server.
# GSSAPI options
GSSAPIAuthentication yes
Restart the ssh server and try to SSO login.
If its a AD server this should work.
Yes, you dont get home dir etc, end up in / after login, but lets check if this works.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namen...
2020 Jul 13
2
Authentication with trusted credentials
...es dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
*passwd: compat winbindgroup: compat winbind*
*#passwd: files winbind#group: files winbind*
If I use default sshd_config
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
I have:
d at uc-smlbox20:~$ ssh SVITLA3\\test01 at uc-smlbox20.svitla3.room
SVITLA3\test01 at uc-smlbox20.svitla3.room's password:
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-40-generic x86_64)
d at uc-s...
2018 Sep 14
2
sftp fails when run from cron
...correctly when started from a command
line. It fails when run from cron.
Authentication with the remote server is set to use a private/public
key and does not require an explicit password.
Why does the authentication fail when run from cron?
----[ command ]----
/usr/bin/sftp -vv -P 1022 -p -o GSSAPIAuthentication=no \
-i /home/xxx/.ssh/jumpline \
-b /home/xxx/bin/sftp-sma-download-batch \
yyy at sohnen-moe.com
----[ end ]----
---[ sucessful login ]---
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
** the logs were the same for the two instances up to this point **
debug2: key: /home/...
2016 Nov 17
1
long delay when logging in
On 17/11/16 16:34, Digimer wrote:
> Edit /etc/ssh/sshd_config
>
> Set:
>
> UseDNS no
> GSSAPIAuthentication no
>
> Save, restart sshd, try again.
This will certainly stop the long timeout, but I prefer telling people
to fix their DNS. The long timeout is indicative of a DNS issue and
turning off DNS for ssh is just masking the real problem. I prefer to
leave DNS on for ssh as it's a good in...
2023 Aug 02
1
[PATCH] ssh_config: reflect default CheckHostIP no
...make CheckHostIP default to 'no'...")
> ---
> ssh_config | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ssh_config b/ssh_config
> index 842ea866c..1eb1c0063 100644
> --- a/ssh_config
> +++ b/ssh_config
> @@ -25,7 +25,7 @@
> # GSSAPIAuthentication no
> # GSSAPIDelegateCredentials no
> # BatchMode no
> -# CheckHostIP yes
> +# CheckHostIP no
> # AddressFamily any
> # ConnectTimeout 0
> # StrictHostKeyChecking ask
> --
> 2.38.1
>