Displaying 16 results from an estimated 16 matches for "pkinit_kdc_hostnam".
Did you mean:
pkinit_kdc_hostname
2023 Nov 02
2
Issues with AD trusts and UID/GID ranges
...STOMER.TLD = {
kdc = ad.customer.tld
admin_server = ad.customer.tld
default_domain = customer.tld
pkinit_anchors = FILE:/etc/pki/nssdb/certificate.pem
pkinit_cert_match = <KU>digitalSignature
pkinit_kdc_hostname = ad.customer.tld
}
CORPORATE.TLD = {
kdc = ad.corporate.tld
admin_server = ad.corporate.tld
default_domain = corporate.tld
pkinit_anchors = FILE:/etc/pki/nssdb/certificate.pem
pkinit_cert_match = <...
2020 Nov 20
0
Smartcard logon issue with pam_winbind and Kerberos auth
...rb5 in my PAM stack, using only pam_winbind, after I've added config like this into /etc/krb5.conf:
```
EXAMPLE.COM = {
pkinit_cert_match = &&<EKU>msScLogin,<KU>digitalSignature
pkinit_eku_checking = kpServerAuth
pkinit_identities = PKCS11:/usr/lib64/pkcs11/opensc-pkcs11.so
pkinit_kdc_hostname = example.com
}
[appdefaults]
pam = {
mappings = ^EXAMPLE\\(.*)$ $1 at EXAMPLE.COM
}
```
>From what I understand, that works because I have `krb5_auth = yes` in pam_winbind.conf, so the actual auth is done by libkrb5.
But I had even bigger surprise when I found out that when Winbind is offli...
2015 Jan 07
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...yes
> default_keytab_name = /etc/krb5.keytab
> default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
My krb5....
2015 Jan 09
4
Use Samba with ACL for read Active Directory and set Permissions via it.
..._keytab_name = /etc/krb5.keytab
>> default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs...
2015 Jan 06
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...etc/krb5.keytab
>>> default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>>> pkinit_kdc_hostname = <DNS>
>>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>>> pkinit_eku_checking = kpServerAuth
>>> pkinit_win2k_require_binding = false
>>> pkinit_identities = PKCS11:/op...
2015 Jan 07
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...etime = 7d
forwardable = yes
default_keytab_name = /etc/krb5.keytab
default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
pkinit_kdc_hostname = <DNS>
pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
pkinit_eku_checking = kpServerAuth
pkinit_win2k_require_binding = false
pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
and removed "krb5.keytab"...
2015 Jan 09
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...yes
> default_keytab_name = /etc/krb5.keytab
> default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
My krb5....
2015 Jan 19
0
Did you get my previous email? Not Spam.
...default_keytab_name = /etc/krb5.keytab
> # default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> # default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> # preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> # pkinit_kdc_hostname = <DNS>
> # pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> # pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> # pkinit_eku_checking = kpServerAuth
> # pkinit_win2k_require_binding = false
> # pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>...
2015 Jan 12
0
Use Samba with ACL for read Active Directory and set Permissions via it.
..._keytab_name = /etc/krb5.keytab
>> default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs...
2015 Jan 10
0
Use Samba with ACL for read Active Directory and set Permissions via it.
..._keytab_name = /etc/krb5.keytab
>> default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs...
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
...yes
> default_keytab_name = /etc/krb5.keytab
> default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
> [rea...
2015 Jan 05
2
Use Samba with ACL for read Active Directory and set Permissions via it.
..._keytab_name = /etc/krb5.keytab
>> default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs...
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...etime = 7d
forwardable = yes
default_keytab_name = /etc/krb5.keytab
default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
pkinit_kdc_hostname = <DNS>
pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
pkinit_eku_checking = kpServerAuth
pkinit_win2k_require_binding = false
pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
[realms]
EXAMPLE.COM = {
kdc = kerbero...
2015 Jan 05
0
Use Samba with ACL for read Active Directory and set Permissions via it.
...yes
> default_keytab_name = /etc/krb5.keytab
> default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
> pkinit_kdc_hostname = <DNS>
> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
> pkinit_eku_checking = kpServerAuth
> pkinit_win2k_require_binding = false
> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs11.so
>
> [rea...
2015 Jan 06
0
Use Samba with ACL for read Active Directory and set Permissions via it.
..._keytab_name = /etc/krb5.keytab
>> default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
>> pkinit_kdc_hostname = <DNS>
>> pkinit_anchors = DIR:/var/lib/pbis/trusted_certs
>> pkinit_cert_match = &&<EKU>msScLogin<PRINCIPAL>
>> pkinit_eku_checking = kpServerAuth
>> pkinit_win2k_require_binding = false
>> pkinit_identities = PKCS11:/opt/pbis/lib64/libpkcs...
2015 Jan 04
2
Use Samba with ACL for read Active Directory and set Permissions via it.
On 04/01/15 13:00, Rowland Penny wrote:
> On 04/01/15 10:17, Jason Long wrote:
>> Thanks a lot.
>> I enter the command and result is :
>>
>> Using short domain name -- JASONDOMAINI
>> Joined 'PRINTMAH' to dns domain 'JASONDOMAIN.JJ'
>> but after run "net rpc testjoin" :
>>
>> Unable to find a suitable server for domain