search for: pkinit_eku_checking

Displaying 15 results from an estimated 15 matches for "pkinit_eku_checking".

2020 Nov 20
0
Smartcard logon issue with pam_winbind and Kerberos auth
...t support smart card auth. To my surprise, I was able to authenticate without pam_pkcs11 or pam_krb5 in my PAM stack, using only pam_winbind, after I've added config like this into /etc/krb5.conf: ``` EXAMPLE.COM = { pkinit_cert_match = &&<EKU>msScLogin,<KU>digitalSignature pkinit_eku_checking = kpServerAuth pkinit_identities = PKCS11:/usr/lib64/pkcs11/opensc-pkcs11.so pkinit_kdc_hostname = example.com } [appdefaults] pam = { mappings = ^EXAMPLE\\(.*)$ $1 at EXAMPLE.COM } ``` >From what I understand, that works because I have `krb5_auth = yes` in pam_winbind.conf, so the actual auth...
2015 Jan 07
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > pkinit_kdc_hostname = <DNS> > pkinit_anchors = DIR:/var/lib/pbis/trusted_certs > pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> > pkinit_eku_checking = kpServerAuth > pkinit_win2k_require_binding = false > pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so > My krb5.conf is: [libdefaults] default_realm = EXAMPLE.LAN dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = ye...
2015 Jan 09
4
Use Samba with ACL for read Active Directory and set Permissions via it.
...MAC DES-CBC-MD5 DES-CBC-CRC >> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> pkinit_kdc_hostname = <DNS> >> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >> pkinit_eku_checking = kpServerAuth >> pkinit_win2k_require_binding = false >> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >> > My krb5.conf is: > > [libdefaults] > default_realm = EXAMPLE.LAN > dns_lookup_realm = false > dns_lookup_kdc = true >...
2015 Jan 06
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...CBC-CRC >>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >>> pkinit_kdc_hostname = <DNS> >>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >>> pkinit_eku_checking = kpServerAuth >>> pkinit_win2k_require_binding = false >>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >>> >>> [realms] >>> EXAMPLE.COM = { >>> kdc = kerberos.example.com >>> admin_server = kerberos.example.com >>>...
2015 Jan 07
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...lt_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC pkinit_kdc_hostname = <DNS> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> pkinit_eku_checking = kpServerAuth pkinit_win2k_require_binding = false pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so and removed "krb5.keytab" too. You told me that my domain name is "jasondomaini" but it is wrong, My domain name is "jasondomain.jj" and backend is "jaso...
2015 Jan 09
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > pkinit_kdc_hostname = <DNS> > pkinit_anchors = DIR:/var/lib/pbis/trusted_certs > pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> > pkinit_eku_checking = kpServerAuth > pkinit_win2k_require_binding = false > pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so > My krb5.conf is: [libdefaults] default_realm = EXAMPLE.LAN dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = ye...
2015 Jan 19
0
Did you get my previous email? Not Spam.
...-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > # preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > # pkinit_kdc_hostname = <DNS> > # pkinit_anchors = DIR:/var/lib/pbis/trusted_certs > # pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> > # pkinit_eku_checking = kpServerAuth > # pkinit_win2k_require_binding = false > # pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so > > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > Thank you so much and Please let me know your idea. > > > > > > >...
2015 Jan 12
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...MAC DES-CBC-MD5 DES-CBC-CRC >> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> pkinit_kdc_hostname = <DNS> >> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >> pkinit_eku_checking = kpServerAuth >> pkinit_win2k_require_binding = false >> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >> > My krb5.conf is: > > [libdefaults] > default_realm = EXAMPLE.LAN > dns_lookup_realm = false > dns_lookup_kdc = true >...
2015 Jan 10
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...MAC DES-CBC-MD5 DES-CBC-CRC >> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> pkinit_kdc_hostname = <DNS> >> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >> pkinit_eku_checking = kpServerAuth >> pkinit_win2k_require_binding = false >> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >> > My krb5.conf is: > > [libdefaults] > default_realm = EXAMPLE.LAN > dns_lookup_realm = false > dns_lookup_kdc = true >...
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > pkinit_kdc_hostname = <DNS> > pkinit_anchors = DIR:/var/lib/pbis/trusted_certs > pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> > pkinit_eku_checking = kpServerAuth > pkinit_win2k_require_binding = false > pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so > > [realms] > EXAMPLE.COM = { > kdc = kerberos.example.com > admin_server = kerberos.example.com > } > JASONDOMAIN.JJ = { > auth_to_local = RULE:[1:$0\$1](^...
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...MAC DES-CBC-MD5 DES-CBC-CRC >> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> pkinit_kdc_hostname = <DNS> >> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >> pkinit_eku_checking = kpServerAuth >> pkinit_win2k_require_binding = false >> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >> >> [realms] >> EXAMPLE.COM = { >> kdc = kerberos.example.com >> admin_server = kerberos.example.com >> } >> JASONDOMAIN.JJ = { &...
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...lt_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC pkinit_kdc_hostname = <DNS> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> pkinit_eku_checking = kpServerAuth pkinit_win2k_require_binding = false pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so [realms] EXAMPLE.COM = { kdc = kerberos.example.com admin_server = kerberos.example.com } JASONDOMAIN.JJ = { auth_to_local = RULE:[1:$0\$1](^JASONDOMAIN\.JJ\\.*)s/^JASONDOMAIN\.JJ/JASONDOMAI...
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC > pkinit_kdc_hostname = <DNS> > pkinit_anchors = DIR:/var/lib/pbis/trusted_certs > pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> > pkinit_eku_checking = kpServerAuth > pkinit_win2k_require_binding = false > pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so > > [realms] > EXAMPLE.COM = { > kdc = kerberos.example.com > admin_server = kerberos.example.com > } > JASONDOMAIN.JJ = { > auth_to_local = RULE:[1:$0\$1](^...
2015 Jan 06
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...MAC DES-CBC-MD5 DES-CBC-CRC >> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC >> pkinit_kdc_hostname = <DNS> >> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs >> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL> >> pkinit_eku_checking = kpServerAuth >> pkinit_win2k_require_binding = false >> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so >> >> [realms] >> EXAMPLE.COM = { >> kdc = kerberos.example.com >> admin_server = kerberos.example.com >> } >> JASONDOMAIN.JJ = { &...
2015 Jan 04
2
Use Samba with ACL for read Active Directory and set Permissions via it.
On 04/01/15 13:00, Rowland Penny wrote: > On 04/01/15 10:17, Jason Long wrote: >> Thanks a lot. >> I enter the command and result is : >> >> Using short domain name -- JASONDOMAINI >> Joined 'PRINTMAH' to dns domain 'JASONDOMAIN.JJ' >> but after run "net rpc testjoin" : >> >> Unable to find a suitable server for domain