Displaying 18 results from an estimated 18 matches for "pkinit_identity".

2020 Nov 20
0
Smartcard logon issue with pam_winbind and Kerberos auth
Hi folks, I've run into an interesting issue when I was trying to set up Winbind client to use smart card for authentication. From what I was able to gather, Winbind doesn't support smart card auth. To my surprise, I was able to authenticate without pam_pkcs11 or pam_krb5 in my PAM stack, using only pam_winbind, after I've added config like this into /etc/krb5.conf:
2023 Jul 14
1
Samba 4 AD SmartCard Authentication Problem
...okup_kdc = true pkinit_anchors = FILE:/var/lib/samba/private/tls/ca.pem [appdefaults] pkinit_anchors = FILE:/var/lib/samba/private/tls/ca.pem [realms] TEST.EXAMPLE.DE = { default_domain = test.example.de pkinit_require_eku = true } [domain_realm] dc0 = TEST.EXAMPLE.DE [kdc] enable-pkinit = yes pkinit_identity = FILE:/var/lib/samba/private/tls/dc0-cert.pem,/var/lib/samba/private/tls/secure/dc0-privkey.pem pkinit_anchors = FILE:/var/lib/samba/private/tls/ca.pem pkinit_revoke = FILE:/var/lib/samba/private/tls/inter.crl,/var/lib/samba/private/tls/root.crl pkinit_principal_in_certificate = yes pkinit_win...
2013 Nov 27
0
complicated svn, apache, krb5 and selinux problem
CentOS 6.4. We've got a subversion repo on a server. Currently, it's set to use krb5. Trouble is, the krb5.conf is set up to use pcscd authentication (using PIV cards). Whether anything else on the server needs it, it appears that when people issue certain svn commands (I haven't nailed down which), the thing tries to look at the pcscd.pid... and selinux complains that this is
2015 Jan 07
2
Use Samba with ACL for read Active Directory and set Permissions via it.
On 07/01/15 10:51, Jason Long wrote: > Thank you. > I changed my "krb5.conf" as below : > > > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm = JASONDOMAIN.JJ > dns_lookup_realm = false > dns_lookup_kdc = true > ticket_lifetime = 24h
2015 Jan 09
4
Use Samba with ACL for read Active Directory and set Permissions via it.
On 09/01/15 08:40, Jason Long wrote: > Thanks. > I'm confused. Can I paste "set" command on windows for you? > "jason" account is administrator and can join and dis-join any computer. > > Cheers. > > > > On Wednesday, January 7, 2015 2:59 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote: > On 07/01/15 10:51, Jason Long wrote:
2015 Jan 06
2
Use Samba with ACL for read Active Directory and set Permissions via it.
On 06/01/15 06:17, Jason Long wrote: > Thanks. > My domain name is "jasondomain.jj" and backend is "jasondomaini". No, your realm name is "jasondomain.jj" and it would seem that your domain name is "jasondomaini", the domain name can also be known as the 'workgroup' name. Set smb.conf to match this: [global] workgroup =
2015 Jan 07
0
Use Samba with ACL for read Active Directory and set Permissions via it.
Thank you. I changed my "krb5.conf" as below : [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = JASONDOMAIN.JJ dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = yes default_keytab_name = /etc/krb5.keytab default_tgs_enctypes =
2015 Jan 09
0
Use Samba with ACL for read Active Directory and set Permissions via it.
Thanks. I'm confused. Can I paste "set" command on windows for you? "jason" account is administrator and can join and dis-join any computer. Cheers. On Wednesday, January 7, 2015 2:59 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote: On 07/01/15 10:51, Jason Long wrote: > Thank you. > I changed my "krb5.conf" as below : > > >
2020 Nov 19
1
Smartcard logon
.../var/lib/samba/private/tls/ca.pem > > [appdefaults] > pkinit_anchors = FILE:/var/lib/samba/private/tls/ca.pem > > [realms] > SVITLA3.ROOM = { > pkinit_require_eku = true > } > > [kdc] > enable-pkinit = yes > pkinit_identity = > FILE:/var/lib/samba/private/tls/cert.pem,/var/lib/samba/private/tls/key.pem > pkinit_anchors = FILE:/var/lib/samba/private/tls/ca.pem > pkinit_principal_in_certificate = yes > pkinit_win2k = no > pkinit_win2k_require_binding = yes > > Could y...
2015 Jan 19
0
Did you get my previous email? Not Spam.
On 19/01/15 06:11, Jason Long wrote: > Hi. > Thank you. > > [root at printmah ~]# hostname > printmah > > [root at printmah ~]# hostname -d > jasondomain.jj > > [root at printmah ~]# hostname -f > printmah.jasondomain.jj > > [root at printmah ~]# hostname -i > > 127.0.0.1 > > [root at printmah ~]# net ads info -I 172.30.9.1 | grep [R]ealm >
2015 Jan 12
0
Use Samba with ACL for read Active Directory and set Permissions via it.
Thank you. I'm really sorry Bro. You right, When I get properties from AD, "Domain name(Pre-Windows 2000)" is "JASONDOMAINI". I'm sorry :( but when I want to join a Windows client to my domain I use "JASONDOMAIN.JJ" !!!! I guess that we must change SAMBA configuration. Cheers. On Friday, January 9, 2015 1:55 AM, Rowland Penny <rowlandpenny at
2015 Jan 10
0
Use Samba with ACL for read Active Directory and set Permissions via it.
Thank you. I'm really sorry Bro. You right, When I get properties from AD, "Domain name(Pre-Windows 2000)" is "JASONDOMAINI". I'm sorry :( but when I want to join a Windows client to my domain I use "JASONDOMAIN.JJ" !!!! I guess that we must change SAMBA configuration. Cheers. On Friday, January 9, 2015 1:55 AM, Rowland Penny <rowlandpenny at
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
On 05/01/15 07:02, Jason Long wrote: > Thanks a lot. > I changed the below lines to correct domain name : > > idmap config JASONDOMAIN : range = 10000-999999 > idmap config JASONDOMAIN : schema_mode = rfc2307 > > and after join, the command "net rpc testjoin" show same error : > > Unable to find a suitable server for domain JASONDOMAINI > Join to domain
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
On 05/01/15 11:09, Jason Long wrote: > > > Thank you. > > My Windows is Windows server 2008 R2. > About realm name, My domain name is "JASONDOMAIN.JJ". > My Windows not have any Workgroup Name. It is Domain. > > > Thanks > > > > > On Monday, January 5, 2015 1:05 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote: > On 05/01/15
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
Thanks a lot. I changed the below lines to correct domain name : idmap config JASONDOMAIN : range = 10000-999999 idmap config JASONDOMAIN : schema_mode = rfc2307 and after join, the command "net rpc testjoin" show same error : Unable to find a suitable server for domain JASONDOMAINI Join to domain 'JASONDOMAINI' is not valid: NT_STATUS_UNSUCCESSFUL I have an idea and I guess
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
Thank you. My Windows is Windows server 2008 R2. About realm name, My domain name is "JASONDOMAIN.JJ". My Windows not have any Workgroup Name. It is Domain. Thanks On Monday, January 5, 2015 1:05 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote: On 05/01/15 07:02, Jason Long wrote: > Thanks a lot. > I changed the below lines to correct domain name : > >
2015 Jan 06
0
Use Samba with ACL for read Active Directory and set Permissions via it.
Thanks. My domain name is "jasondomain.jj" and backend is "jasondomaini". On Monday, January 5, 2015 3:48 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote: On 05/01/15 11:09, Jason Long wrote: > > > Thank you. > > My Windows is Windows server 2008 R2. > About realm name, My domain name is "JASONDOMAIN.JJ". > My Windows not have
2015 Jan 04
2
Use Samba with ACL for read Active Directory and set Permissions via it.
On 04/01/15 13:00, Rowland Penny wrote: > On 04/01/15 10:17, Jason Long wrote: >> Thanks a lot. >> I enter the command and result is : >> >> Using short domain name -- JASONDOMAINI >> Joined 'PRINTMAH' to dns domain 'JASONDOMAIN.JJ' >> but after run "net rpc testjoin" : >> >> Unable to find a suitable server for domain