Displaying 15 results from an estimated 15 matches for "pkinit_eku_checking".
2020 Nov 20
0
Smartcard logon issue with pam_winbind and Kerberos auth
...t support smart card auth. To my surprise, I was able to authenticate without pam_pkcs11 or pam_krb5 in my PAM stack, using only pam_winbind, after I've added config like this into /etc/krb5.conf:
```
EXAMPLE.COM = {
    pkinit_cert_match = &&<EKU>msScLogin,<KU>digitalSignature
    pkinit_eku_checking = kpServerAuth
    pkinit_identities = PKCS11:/usr/lib64/pkcs11/opensc-pkcs11.so
    pkinit_kdc_hostname = example.com
}
[appdefaults]
pam = {
    mappings = ^EXAMPLE\\(.*)$ $1@EXAMPLE.COM
}
```
From what I understand, that works because I have `krb5_auth = yes` in pam_winbind.conf, so the actual auth...
2015 Jan 07
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
My krb5.conf is:
[libdefaults]
default_realm = EXAMPLE.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = ye...
2015 Jan 09
4
Use Samba with ACL for read Active Directory and set Permissions via it.
...MAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
> My krb5.conf is:
>
> [libdefaults]
> default_realm = EXAMPLE.LAN
> dns_lookup_realm = false
> dns_lookup_kdc = true
>...
2015 Jan 06
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...CBC-CRC
>>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>>> pkinit_kdc_hostname = <DNS>
>>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>>> pkinit_eku_checking = kpServerAuth
>>> pkinit_win2k_require_binding = false
>>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>>
>>> [realms]
>>> EXAMPLE.COM = {
>>> kdc = kerberos.example.com
>>> admin_server = kerberos.example.com
>>>...
2015 Jan 07
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...lt_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
pkinit_kdc_hostname = <DNS>
pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
pkinit_eku_checking = kpServerAuth
pkinit_win2k_require_binding = false
pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
and removed "krb5.keytab" too. You told me that my domain name is "jasondomaini" but it is wrong; my domain name is "jasondomain.jj" and backend is "jaso...
2015 Jan 09
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
My krb5.conf is:
[libdefaults]
default_realm = EXAMPLE.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = ye...
2015 Jan 19
0
Did you get my previous email? Not Spam.
...-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> # preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> # pkinit_kdc_hostname = <DNS>
> # pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> # pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> # pkinit_eku_checking = kpServerAuth
> # pkinit_win2k_require_binding = false
> # pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Thank you so much and Please let me know your idea.
>
>...
2015 Jan 12
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...MAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
> My krb5.conf is:
>
> [libdefaults]
> default_realm = EXAMPLE.LAN
> dns_lookup_realm = false
> dns_lookup_kdc = true
>...
2015 Jan 10
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...MAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
> My krb5.conf is:
>
> [libdefaults]
> default_realm = EXAMPLE.LAN
> dns_lookup_realm = false
> dns_lookup_kdc = true
>...
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
> [realms]
> EXAMPLE.COM = {
> kdc = kerberos.example.com
> admin_server = kerberos.example.com
> }
> JASONDOMAIN.JJ = {
> auth_to_local = RULE:[1:$0\$1](^...
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...MAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
>> [realms]
>> EXAMPLE.COM = {
>> kdc = kerberos.example.com
>> admin_server = kerberos.example.com
>> }
>> JASONDOMAIN.JJ = {
...
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...lt_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
pkinit_kdc_hostname = <DNS>
pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
pkinit_eku_checking = kpServerAuth
pkinit_win2k_require_binding = false
pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com
admin_server = kerberos.example.com
}
JASONDOMAIN.JJ = {
auth_to_local = RULE:[1:$0\$1](^JASONDOMAIN\.JJ\\.*)s/^JASONDOMAIN\.JJ/JASONDOMAI...
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
> [realms]
> EXAMPLE.COM = {
> kdc = kerberos.example.com
> admin_server = kerberos.example.com
> }
> JASONDOMAIN.JJ = {
> auth_to_local = RULE:[1:$0\$1](^...
2015 Jan 06
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...MAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>>
>> [realms]
>> EXAMPLE.COM = {
>> kdc = kerberos.example.com
>> admin_server = kerberos.example.com
>> }
>> JASONDOMAIN.JJ = {
...
2015 Jan 04
2
Use Samba with ACL for read Active Directory and set Permissions via it.
On 04/01/15 13:00, Rowland Penny wrote:
> On 04/01/15 10:17, Jason Long wrote:
>> Thanks a lot.
>> I entered the command and the result is:
>>
>> Using short domain name -- JASONDOMAINI
>> Joined 'PRINTMAH' to dns domain 'JASONDOMAIN.JJ'
>> but after running "net rpc testjoin":
>>
>> Unable to find a suitable server for domain