Displaying 20 results from an estimated 2000 matches similar to: "How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?"
2012 Jul 12
2
nslcd service - "Client not found in Kerberos database"
Hi,
I am trying to configure the nslcd service on an Ubuntu client for kerberos
authentication against samba4. My /etc/nslcd.conf contains the following:
uid nslcd
gid nslcd
uri ldapi:///cofil01.mydomain.net
base dc=mydomain,dc=net
sasl_mech GSSAPI
krb5_ccname FILE:/tmp/host.tkt
I have added the host principal "host/ubuntu-test.mydomain.net @
MYDOMAIN.NET" to /etc/krb5.keytab on both
2012 Jul 10
2
How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]
Hi,
I solved my ssh GSSAPI problem. There were a lot of solutions on google
referring to a proper fqdn in the /etc/hosts file and having the
fqdn's/principals in the kerberos server's keytab file but I found out that
my problem was that the samba4/kerberos server was running on a multi-homed
machine and that the ssh server kerberos authentication needed the
following parameter in order
2012 Jul 12
8
Linux SSO with samba4?
Hi,
I think it is great that samba4 has a single sign on solution for Windows
platforms and it seems to work well too, but I am wondering is it possible
to do the same for a Linux environment? I have been studying how to
implement single sign on using the Ubuntu way through this document:
https://help.ubuntu.com/community/SingleSignOn and I am wondering if I can
do the same with samba4 where the
2012 Jul 09
2
How do I join a samba 3 client to a samba 4 AD server?
Hi,
I have set up a standard samba4 server via
http://wiki.samba.org/index.php/Samba4/HOWTO and have tested that windows
machines can join the samba4 AD.
Now I am trying to join an Ubuntu machine to the same samba4 ad but it is
failing for me with the following message:
# net ADS JOIN -U Administrator
Enter Administrator's password:
Failed to join domain: failed to lookup DC info for domain
2012 Jul 11
1
splitting services in samba4
Question: Right now samba4 is great as in all-in-one solution (samba,
kerberos, ldap, dns) into one service.
Is it possible to split it up so that for example, I run openldap on one
server, kerberos on another server, and then dns/samba on a third server?
br,
Quinn
2012 Jul 13
1
Understanding kerberos principals in samba4
Hi,
When I have a service on a client that tries to use kerberos and I get
errors such as these in the log.samba file:
Kerberos: UNKNOWN -- host/ubuntu-test.mydomain.net @ MYDOMAIN.NET: no such
entry found in hdb
Does this mean that the kerberos authentication system is looking for the
principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" in samba4's domain
or in the
2019 Jan 15
4
SSH SSO without keytab file
Hai,
Lets start here.
Handy for us to know.
OS?
Samba version?
AD or member setup?
And I suggest, set this in the ssh server.
# GSSAPI options
GSSAPIAuthentication yes
Restart the ssh server and try to SSO login.
If its a AD server this should work.
Yes, you dont get home dir etc, end up in / after login, but lets check if this works.
Greetz,
Louis
> -----Oorspronkelijk
2012 Jul 09
1
upgrade
Hello list, I need update my samba, I run firtly ./configure.developer,
and when I run make I get this message
123/3913] Compiling lib/replace/replace.c
In file included from ../lib/replace/replace.c:26:
../lib/replace/replace.h:112:24: error: bsd/string.h: No such file or
directory
../lib/replace/replace.h:116:24: error: bsd/unistd.h: No such file or
directory
Waf: Leaving directory
2005 Apr 19
1
Large files timeout
I am trying to download a 200MB ISO file and each time I attempt to do
so it will timeout after around 30 MB. I've used both a Microsoft and a
FreeBSD tftp client with the same results. When PXE booting a pc and
letting it download the ISO it either hangs halfway through or the ISO
appears to be corrupted when trying to boot to it from ramdisk. I am
looking for suggestions on how to
2013 Jul 20
7
Failure to Launch (was override -q option)
Attached is the very verbose ssh output. Just to be perverse, this time two
nodes lost connectivity. The only thing I see is lines saying that the two
connections are lost, although being honest I have no idea what everything
else means. For reference, 8 ssh cinnections were being made at the same
time for a 8x8mpi task.
N.B., since the OS I am using does not have rsh, I am currently using the
2017 Nov 01
2
Winbind, Kerberos, SSH and Single Sign On
Hi,
at first I'm not sure if this is the correct list to ask this question.
But since I'm using winbind I hope you can help me.
I try to realize a kerberized ssh from one client to another. Both
clients are member of subdom2.subdom1.example.de and joined to it. The
users are from example.de, where subdom1.example.de is a subdomain
(bidirectional trust) of example.de and
2008 Dec 12
4
[PATCH 1/1] COM32: lua - enable (parts of) liolib
Hi again,
the attached patch (re-)enables parts of lua's liolib.c, especially
io.write() for formatted output (similar to printf() ):
Example:
-- define printf() function
printf = function(s,...)
return io.write(s:format(...))
end -- function
printf("Hallo, this is hex %04x\n", 64321)
Bye,
Marcel
-------------- next part --------------
A non-text
2015 Sep 02
3
[Bug 2456] New: gssapi-keyex blocked by PermitRootLogin=without-password
https://bugzilla.mindrot.org/show_bug.cgi?id=2456
Bug ID: 2456
Summary: gssapi-keyex blocked by
PermitRootLogin=without-password
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
2015 Jul 29
3
Updating from 6.6 - 6.9 SSH
No I'm referring to "sshd -ddd" (preferrable on a high port like -p
8080 so you don't break your current ability to connect to the
machine). As clearly the server is rejecting it. And only the server
side debug can tell us that.
- Ben
Nick Stanoszek wrote:
> I am using an AWS ubuntu 14.04 server...is that what you are asking?
>
> On Tue, Jul 28, 2015 at 10:00 PM,
2016 Nov 16
4
long delay when logging in
I have a CentOS 7 system and when I login with putty or ssh there is a
long delay before I get the password prompt. I ran ssh -v and I found
that it gets up to this:
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
and then
2015 Aug 19
2
Samba 4 DC - no AES kerberos tickets - only arcfour
Hi Trever,
things improved after resetting user/machine passwords, however only the session key is using aes256 now, the ticket itself is still arcfour:
root at ubuntu1:~# kinit user09999
user09999 at S4DOM.TEST's Password:
root at ubuntu1:~# klist -v
Credentials cache: FILE:/tmp/krb5cc_0
Principal: user09999 at S4DOM.TEST
Cache version: 4
Server: krbtgt/S4DOM.TEST at
2015 Nov 03
3
SSH login between servers still asking for password, why?
I have two servers identified as `server-1 - 192.168.3.128` and `server-2 -
192.168.3.130`. I am setting up `capifony` for automatic deployment from
server-1 to server-2 and this is what I have done so far:
1. In both servers I have created a user `deploy` without password since
that's the user I will use for deployment.
2. In server-1 I setup a SSH keys by running the command:
2015 Sep 01
5
Samba 4 and MS Windows NFS Server (2012R2) - Update
Hi again,
I just started to debug things on the samba4 side:
When trying to mount the Windows NFS share, I get the following error on
the samba4 dc (just grepping for nfs in the logs):
auth_check_password_send: Checking password for unmapped user [S5DOM.TEST]\[nfs/nfsclient.mydom.test]@[]
map_user_info_cracknames: Mapping user [MYDOM.TEST]\[nfs/nfsclient.mydom.test] from workstation []
2015 Aug 18
2
Samba 4 DC - no AES kerberos tickets - only arcfour
Hi,
I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“:
# kinit testuser1
testuser1 at S4DOM.TEST's Password:
# klist -v
Credentials cache: FILE:/tmp/krb5cc_0
Ticket etype: arcfour-hmac-md5, kvno 1
I can create keytabs containing
2016 May 17
3
google cloud compute with PEM file
On Tue, 17 May 2016 13:59:18 -0600
Dustin Kempter wrote:
> Is there something I missed?
ssh -v serveryouwanttoconnectto
That will tell you what the problem is.
If you don't understand the output, post it here.
--
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com