similar to: Question about GSSAPI with OpenSSH 4.2p1

Hi, at first I'm not sure if this is the correct list to ask this question. But since I'm using winbind I hope you can help me. I try to realize a kerberized ssh from one client to another. Both clients are member of subdom2.subdom1.example.de and joined to it. The users are from example.de, where subdom1.example.de is a subdomain (bidirectional trust) of example.de and

I seem to be having the same issue as https://lists.samba.org/archive/samba/2012-December/170426.html. I don't see that he ever reached a solution. Nov 20 16:02:58 appdb01-qa sshd[31622]: debug1: Unspecified GSS failure. Minor code may provide more information\nNo key table entry found matching host/appdb01-qa.mediture.dom@\n Nov 20 16:02:58 appdb01-qa sshd[31623]: debug1:

Hi all, I'm really struggling with getting Kerberos authentication to work between a FreeBSD host and a Linux host. I'm using the latest 6- STABLE code on the FreeBSD box, I've got forwardable Kerberos tokens (verified with "klist -f") and Kerberos and ssh are working fine in all other ways, but I can't get the Linux box to accept the Kerberos ticket as

I think I had better update akk the kerberos and gssapi to the latest? Please advise. Thanks Tedc ssh -vvv admin at geronimo.creedon.biz <<<<<<<<snip>>>>>>>>> debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /root/.ssh/identity ((nil)) debug2: key: /root/.ssh/id_rsa (0x568da0) debug2: key:

Hai, Lets start here. Handy for us to know. OS? Samba version? AD or member setup? And I suggest, set this in the ssh server. # GSSAPI options GSSAPIAuthentication yes Restart the ssh server and try to SSO login. If its a AD server this should work. Yes, you dont get home dir etc, end up in / after login, but lets check if this works. Greetz, Louis > -----Oorspronkelijk

Hi, I am doing some kerberos testing with samba4 using ssh. I have setup samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and active directory seems to be working both with Windows and Linux clients. ssh unfortunately is not kerberos authenticating via GSSAPI. The client krb5.conf contains this: ===================================================== [libdefaults]

I'm trying to get gssapi-with-mic to work but the enabled field in the method struct is disabled I.e. The gssapi-with-mic enable field s not enabled in in the *method struct; it fails at: if (authmethod_is_enabled(method)) in the authmethod_is_enabled(method) function call using ddd , OpenSSH 5.2.p1, Linux 2.6.22.5-31 (SuSE 10.2) Questiion - what enables gssapi-with-mic? Thanks tedc

I try to get Samba 4 with ssh running. I found in the Script from Matthieu Patou tot he sysvol sync the follwing intresting line. --- kinit -k -t /etc/krb5.keytab `hostname -s | tr "[:lower:]" "[:upper:]"`\$ rsync -X -u -a $dc_account_name\$@${dc}.${domain}:$SYSVOL $STAGING --- when i understand correct he uses the domain controller service principle to connect to the

Hello, I'm trying to find clues on what may have changed for GSSAPI (Kerberos) authentication between OpenSSH 5.1p1 and 5.2p1. We have been using GSSAPI authentication for ssh for about 18 months with no problem with the OpenSSH build that is bundled with the FreeBSD operating system. All of those machines have OpenSSH 5.1p1. Last week I upgraded one of the servers to FreeBSD 8.0-BETA1

Hi, I am seeing a rather strange issue with openssh-5.3p1 (both client and server) under scientific linux 6. The systems in question are set up to authenticate against a Kerberos server. ssh'ing between machines works fine 99% of the time with the gssapi-with-mic method. But on occasion an ssh session will fail to spawn a sheel for the user after authentication. An example -vvv output in this

Hello friends, I am having some problems using sftp to reach a HMC IBM system. The connection is suddenly closed and I don't why. Actually I don't know exactly how to read all these debug information. I would be very glad with any help on this topic. Here is the full debug output provided from the command execution: otubo at phoenix ~ $ sftp -vvv hscroot at skiper Connecting to

Dear developers, to my previous post I have some additional info. I just erased all the krb5 data and set it up from scratch. Now the message in sshd debug changed to: debug1: Miscellaneous failure (see text) Decrypt integrity check failed debug1: Got no client credentials Failed gssapi-with-mic for komanek .... So it seems the problem is somewhere in the kerberos, not in openssh. Is here

I have a freshly installed FreeBSD 6.0-BETA1 system, which comes with Heimdal & OpenSSH w/GSSAPI enabled (version 4.1p1 FreeBSD-20050605) Most of the servers I connect to have OpenSSH w/GSSAPI enabled but they use MIT Kerberos (1,3.x and 1.4.x) Now, I can use ticket authentication between all systems where the libraries are all the same (Heimdal or MIT), but trying to use, for example,

I have two servers identified as `server-1 - 192.168.3.128` and `server-2 - 192.168.3.130`. I am setting up `capifony` for automatic deployment from server-1 to server-2 and this is what I have done so far: 1. In both servers I have created a user `deploy` without password since that's the user I will use for deployment. 2. In server-1 I setup a SSH keys by running the command:

I have a CentOS 7 system and when I login with putty or ssh there is a long delay before I get the password prompt. I ran ssh -v and I found that it gets up to this: debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received and then

Hi Openssh support, I have upgraded openssh from 5.3p1 to 6.2p2 in a RHEL 6.6 - 64 bit server and now i can't login to server remotely using same root password. It always prompting the password saying "Permission denied, please try again." Please help me to resolve the issue. Following are the steps i have followd.

Client: Windows XP pro, in an AD 2003 domain, running SecureCRT 4.1.11. I've also got MIT Kerberos for Windows installed on the client, and Leash shows that my tickets ARE forwardable. Server: Solaris 8 Sparc server, with MIT Kerberos (krb5-1.4.1), and OpenSSH 4.0p1. I've created two AD accounts, and extracted keys mapped to "host/hostname.domainname.com at REALM.COM" and

My college is kerberized, and so in many situations authentication is both faster and more secure using kerberos tickets. Sadly I have run into a problem. The Heimdal included in FreeBSD seems to be incompatible with my school's servers running MIT kerberos when authenticating over gssapi. For example ssh in verbose mode returns: debug2: we sent a gssapi-with-mic packet, wait for reply

Hello, everybody. I have encountered some strange situations that are driving me crazy. I have 2 DCs which using sernet samba, version 4.7.6. and I use a samba version 4.6.2 as a domain member for file sharing in CentOS7.4. The domain member works well as a file server, but When I login to that domain member using AD authtication. Sometimes, It works OK too, but sometime , I can't login that

It took me a while to track this down. I am using MIT Kerberos 1.4.3 and libgssapi-0.7. With some patches that came with Suse 10, but that doesn't appear to be relevant. I have been using openssh-4.2p1 (with Simon's patches) and openssh-4p3p2 out of the box. I see the same problem no matter which version of openssh I am using. I am using two Suse Linux x86 boxes as a test