similar to: Does OpenSSH+GSSAPI interoperate between Heimdal and MIT?

I am trying to transition several HP/UX 11i (PA/RISC) servers from ssh.com over to OpenSSH+GSSAPI (3.9p1) and it's complaining about the GSSAPI include files: -=- gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/ssl/include -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -I/usr/local/krb5/include -DSSHDIR=\"/usr/local/etc\"

I am trying to compile OpenSSH 4.0p1 on a new Solaris 10 system using the OpenSSL that comes w/ the OS (0.9.7d) as well as MIT Krb5 1.4.1 (for various reasons we are not using Sun's Krb5 implementation): ./configure --prefix=/usr/local --with-kerberos5=/usr/local/krb5 --with-ssl-dir=/usr/sfw And it looks to be bombing here (adding in random support?): -=- gmake[1]: Entering directory

Andrew, thanks for answering. My ubuntu shows this: # systemctl | grep kr krb5-admin-server.service loaded active running Kerberos 5 Admin Server krb5-kdc.service loaded active running Kerberos 5 Key Distribution Center Should I disable both? 2017-04-23 12:39 GMT+02:00 Andrew Bartlett <abartlet at samba.org>: > On Sun,

Hi! I had to upgrade my PDC from 14.04 to 16.04 Ubuntu. The samba version stayed the same, but then some crazy miracles started to happen. 4.3.11+dfsg-0ubuntu0.16.04.6 I cannot log in now with my Windows machines, yet I can view the files on Linux using smbclient. My smb.conf [global] workgroup = Gsomething realm = BIURO.domain netbios name = PDC security = auto

OK, I've deleted everything what Rowland suggested. THANKS Now smb.conf looks like this [global] workgroup = GPMV realm = BIURO.domain netbios name = PDC server role = active directory domain controller dns forwarder = 192.168.0.252 max open files = 57000 full_audit:prefix = %u|%I|%m|%S full_audit:success = mkdir rename unlink rmdir pwrite full_audit:failure = none full_audit:facility =

On Sun, 2017-04-23 at 09:39 +0200, Jakub Kulesza via samba wrote: > this is what kerberos throws in auth.log when I try to log in with a > win2008 client: > > Apr 23 09:17:38 pdc kadmind[610]: closing down fd 31 > Apr 23 09:17:55 pdc krb5kdc[643]: AS_REQ (6 etypes {18 17 23 24 -135 > 3}) > 192.168.0.139: CLIENT_NOT_FOUND: qubix at GPMV for krbtgt/GPMV at GPMV, > Client

On Sun, 23 Apr 2017 11:40:45 +0200 Jakub Kulesza <jakkul+samba at gmail.com> wrote: > OK, I've deleted everything what Rowland suggested. THANKS > > Now smb.conf looks like this > > [netlogon] > path = /var/local/samba/var/lib/samba/netlogon > #path = /var/lib/samba/sysvol/biuro.domain/scripts Put netlogon back into sysvol and what happened to the

Hi, I'm running OpenSSH 3.8 & 3.9, compiled against Heimdal 0.6.3 for it's GSSAPI & AFS integration. A couple weeks ago, we upgraded our MIT KDC from (ugh) Kerberos 5 1.0.6 to the lastest and greatest 1.3.5. However, it seems that as part of the upgrade, our GSSAPI credentials passing in OpenSSH stopped working. Actually, didn't completely stop... You can still do a

Dear All, Would like some know the answer on the above question. What is the different between compiling using internal heimdal library vs mit-krb5. I'm on gentoo and thus like other distro having issue on the system-wide mit-krb and removing it is not that convenient (But still possible) I've try to compile samba 4.1.2 with internal heimdal library to work as a Domain controller But

On Mon, 2023-03-20 at 10:39 +0200, Alexander Bokovoy wrote: > Indeed. For the record, current set of tests not supported by > > --with-system-mitkrb5 build: > > > > ---------------------------------------- > > $ cat selftest/skip_mit_kdc > > # We do not support RODC yet > > .*rodc > > .*RODC > > ^samba4.ntvfs.cifs.ntlm.base.unlink >

My college is kerberized, and so in many situations authentication is both faster and more secure using kerberos tickets. Sadly I have run into a problem. The Heimdal included in FreeBSD seems to be incompatible with my school's servers running MIT kerberos when authenticating over gssapi. For example ssh in verbose mode returns: debug2: we sent a gssapi-with-mic packet, wait for reply

What is the difference between Heimdal and MIT as far usability goes? MIT seems to be the default on major linux distrobutions, but I here a lot about people preferring Heimdal, but I can't find any reasons why. Is one generally more stable/faster/reliable than the other? There is already a blank wiki page at http://wiki.samba.org/index.php/Samba_%26_Kerberos so if anyone has any good

Hi, I am trying to impliment OpenSSH v2.9p1 with the Krb5/GSSAPI patches at: http://www.sxw.org.uk/computing/patches/openssh-2.9p1-gssapi.patch On a FreeBSD 4.3-STABLE system (with both the integrated Heimdal libs and the MIT Krb5 package from ports intstalled). I patched the src tree, reconfigured, recompiled, installed, and it works - except for Krb5 passwords or Krb5 tickets. And I really

I have previously gotten samba 3.0.4 to work with the MIT implementation, now with 3.0.7, the configure is looking for -lgssapi and not finding it. I can get the AD to issue me a kerberos ticket, samba is just complaining about not geing able to find the gssapi library. Does anyone have a tried-and-true approach using the ports system? Thanks, Graham

I have some problem whit Kerberos. OS: FreeBSD 5.3 Domain: W2k3 native mode. 1)I am Installing Heimdal 0.6.1 over port. Config /etc/krb5.conf %/usr/local/bin/kinit ivan ivan@NKMK.RU's Password: kinit: krb5_get_init_creds: Response too big for UDP, retry with TCP 2)Compile and install Heimdal 0.6.4 over source %/usr/local/bin/kinit ivan ivan@NKMK.RU's Password: kinit:

On Sun, 2023-03-19 at 09:29 +0200, Alexander Bokovoy via samba- technical wrote: > Hi, > > > I would be against a blended build against both MIT Kerberos and > Heimdal > Kerberos in a distribution. It is not going to bring you anything > good, > support wise. > > Andreas and I have submitted a talk to SambaXP about MIT > Kerberos/Heimdal Kerberos-based Samba AD

Hi! I already asked a similar question before, but it keeps popping up in different contexts and forms, and the more I use samba myself, the more often it comes to me too, especially in context of using various security tokens for auth. And the more I think about all this, the more sane it looks to me. The thing is: mit-krb5 has much better user-level support than heimdal. But samba does not

OpenSSH 4.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or

This is a resend, the first try got bounced because of the message size limit on the list. -------------- next part -------------- An embedded message was scrubbed... From: Damien Miller <damien at ibs.com.au> Subject: [Fwd: OpenSSH for UNIX] Date: Thu, 02 Dec 1999 10:52:38 +1100 Size: 73561 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/19991202/e81e7166/attachment.mht

Rather then implementing kafs in MIT Kerberos, I would like to suggest an alternative which has advantages to all parties. The OpenSSH sshd needs to do two things: (1) sets a PAG in the kernel, (2) obtains an AFS token storing it in the kernel. It can use the Kerberos credentials either obtained via GSSAPI delegation, PAM or other kerberos login code in the sshd. The above two