search for: gssapitrustdn

...from bob to alice with the service accounts I added to the following to both of the dcs sshd_config GSSAPIAuthentication yes GSSAPICleanupCredentials yes GSSAPIStrictAcceptorCheck yes GSSAPIKeyExchange yes ssh_config GSSAPIAuthentication yes GSSAPIDelegationCredentials yes GSSAPIKeyExchange yes GSSAPITrustDNS yes After that i created the keytab i know i need an working ticket Samba-tool domain exportkeytab /etc/krb5.keytab -principal=alice$ I get the ticket with on bob for alice kinit -v -k -t /etc/krb5.keytab alice$ after that i tryed to get an ssh connection to alice with (force gssapi connectio...

Hi, I am doing some kerberos testing with samba4 using ssh. I have setup samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and active directory seems to be working both with Windows and Linux clients. ssh unfortunately is not kerberos authenticating via GSSAPI. The client krb5.conf contains this: ===================================================== [libdefaults]

http://bugzilla.mindrot.org/show_bug.cgi?id=1008 simon at sxw.org.uk changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |simon at sxw.org.uk ------- Comment #5 from simon at sxw.org.uk 2006-08-19 08:28 ------- There isn't an easy fix for this, at

...sed by server misconfiguration (bugzilla.mindrot.org #1244) *) Better error reporting when using GSSAPI libraries containing multiple mechanisms (bugzilla.mindrot.org #1220) *) Support for GSSAPI connections to hosts using a round-robin load balancer, through the GSSAPITrustDNS client option (bugzilla.mindrot.org #1008) *) Support for GSSAPI connections to multi-homed hosts with multiple acceptor names, though the GSSAPIStrictAcceptorCheck server option (bugzilla.mindrot.org #928) *) Tidy GSSAPI code seperation between client and server (bug...

...use the ticket is still > open... Unfortunately is not. The patch is not included in the mainstream version which is supplied by most of the linux distribution. For instance with openssh 6.2p2-1 supplied by Arch Linux '#man ssh_config' doesn't know anything about the directive 'GSSAPITrustDNS' and I'm not able to resolve DNSs. This is really crazy: a patch has been there since 7 years ago, but still not fixed! -- You are receiving this mail because: You are the assignee for the bug.

Dear all, (apologoies - this has nothing to do with 4.7 being out, but is rather a long-standing issue that regularly bites us). Is there anything I could do to further the case of https://bugzilla.mindrot.org/show_bug.cgi?id=1008 As a summary, GSSAPI auth against machine in a DNS load-balanced server farm fails. SSH-1 Kerberos works. DNS load-balanced farm: Individual machines in the farm

If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches? --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |

https://bugzilla.mindrot.org/show_bug.cgi?id=2310 Bug ID: 2310 Summary: functionality to start process before ssh and/or to "wrap" such command around ssh Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

I'm pretty sure this is a resolving problem. Can you verify this: https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record Especialy these : for both guids and cross check if from both servers. host -t CNAME 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa._msdcs..... Can you post from both server. /etc/hosts /etc/resolv.conf host servername host fqdn host servername @dns othere