Displaying 16 results from an estimated 16 matches for "pkinit_cert_match".
2023 Nov 02
2
Issues with AD trusts and UID/GID ranges
...ault_ccache_name = KEYRING:persistent:%{uid} [realms]
CUSTOMER.TLD = {
kdc = ad.customer.tld
admin_server = ad.customer.tld
default_domain = customer.tld
pkinit_anchors = FILE:/etc/pki/nssdb/certificate.pem
pkinit_cert_match = <KU>digitalSignature
pkinit_kdc_hostname = ad.customer.tld
}
CORPORATE.TLD = {
kdc = ad.corporate.tld
admin_server = ad.corporate.tld
default_domain = corporate.tld
pkinit_anchors = FILE:/etc/pk...
2020 Nov 20
0
Smartcard logon issue with pam_winbind and Kerberos auth
...rd for authentication.
>From what I was able to gather, Winbind doesn't support smart card auth. To my surprise, I was able to authenticate without pam_pkcs11 or pam_krb5 in my PAM stack, using only pam_winbind, after I've added config like this into /etc/krb5.conf:
```
EXAMPLE.COM = {
pkinit_cert_match = &&<EKU>msScLogin,<KU>digitalSignature
pkinit_eku_checking = kpServerAuth
pkinit_identities = PKCS11:/usr/lib64/pkcs11/opensc-pkcs11.so
pkinit_kdc_hostname = example.com
}
[appdefaults]
pam = {
mappings = ^EXAMPLE\\(.*)$ $1 at EXAMPLE.COM
}
```
>From what I understand, tha...
2015 Jan 07
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
My krb5.conf is:
[libdefaults]
default_realm = EXAMPLE.LAN
dns_lookup_realm = false...
2015 Jan 09
4
Use Samba with ACL for read Active Directory and set Permissions via it.
...C-MD5 DES-CBC-CRC
>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
> My krb5.conf is:
>
> [libdefaults]
> default_realm = EXAMPLE.LAN...
2015 Jan 06
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...t;>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>>> pkinit_kdc_hostname = <DNS>
>>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>>> pkinit_eku_checking = kpServerAuth
>>> pkinit_win2k_require_binding = false
>>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>>
>>> [realms]
>>> EXAMPLE.COM = {
>>> kdc =...
2015 Jan 07
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...types = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
pkinit_kdc_hostname = <DNS>
pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
pkinit_eku_checking = kpServerAuth
pkinit_win2k_require_binding = false
pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
and removed "krb5.keytab" too. You told me that my domain name is "jasondomaini" but it is wrong,...
2015 Jan 09
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
My krb5.conf is:
[libdefaults]
default_realm = EXAMPLE.LAN
dns_lookup_realm = false...
2015 Jan 19
0
Did you get my previous email? Not Spam.
...MAC DES-CBC-MD5 DES-CBC-CRC
> # default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> # preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> # pkinit_kdc_hostname = <DNS>
> # pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> # pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> # pkinit_eku_checking = kpServerAuth
> # pkinit_win2k_require_binding = false
> # pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Thank you...
2015 Jan 12
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...C-MD5 DES-CBC-CRC
>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
> My krb5.conf is:
>
> [libdefaults]
> default_realm = EXAMPLE.LAN...
2015 Jan 10
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...C-MD5 DES-CBC-CRC
>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
> My krb5.conf is:
>
> [libdefaults]
> default_realm = EXAMPLE.LAN...
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
> [realms]
> EXAMPLE.COM = {
> kdc = kerberos.example.com
> admin_server = kerberos.examp...
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...C-MD5 DES-CBC-CRC
>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
>> [realms]
>> EXAMPLE.COM = {
>> kdc = kerberos.example.com
>&g...
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...types = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
pkinit_kdc_hostname = <DNS>
pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
pkinit_eku_checking = kpServerAuth
pkinit_win2k_require_binding = false
pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com
admin_server = kerberos.example.com
}
JASONDOMAIN.JJ = {
auth_to_loc...
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
> [realms]
> EXAMPLE.COM = {
> kdc = kerberos.example.com
> admin_server = kerberos.examp...
2015 Jan 06
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...C-MD5 DES-CBC-CRC
>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
>> [realms]
>> EXAMPLE.COM = {
>> kdc = kerberos.example.com
>&g...
2015 Jan 04
2
Use Samba with ACL for read Active Directory and set Permissions via it.
On 04/01/15 13:00, Rowland Penny wrote:
> On 04/01/15 10:17, Jason Long wrote:
>> Thanks a lot.
>> I enter the command and result is :
>>
>> Using short domain name -- JASONDOMAINI
>> Joined 'PRINTMAH' to dns domain 'JASONDOMAIN.JJ'
>> but after run "net rpc testjoin" :
>>
>> Unable to find a suitable server for domain