similar to: How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?

Hi, I am trying to configure the nslcd service on an Ubuntu client for kerberos authentication against samba4. My /etc/nslcd.conf contains the following: uid nslcd gid nslcd uri ldapi:///cofil01.mydomain.net base dc=mydomain,dc=net sasl_mech GSSAPI krb5_ccname FILE:/tmp/host.tkt I have added the host principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" to /etc/krb5.keytab on both

Hi, I solved my ssh GSSAPI problem. There were a lot of solutions on google referring to a proper fqdn in the /etc/hosts file and having the fqdn's/principals in the kerberos server's keytab file but I found out that my problem was that the samba4/kerberos server was running on a multi-homed machine and that the ssh server kerberos authentication needed the following parameter in order

Hi, I think it is great that samba4 has a single sign on solution for Windows platforms and it seems to work well too, but I am wondering is it possible to do the same for a Linux environment? I have been studying how to implement single sign on using the Ubuntu way through this document: https://help.ubuntu.com/community/SingleSignOn and I am wondering if I can do the same with samba4 where the

Hi, I have set up a standard samba4 server via http://wiki.samba.org/index.php/Samba4/HOWTO and have tested that windows machines can join the samba4 AD. Now I am trying to join an Ubuntu machine to the same samba4 ad but it is failing for me with the following message: # net ADS JOIN -U Administrator Enter Administrator's password: Failed to join domain: failed to lookup DC info for domain

Question: Right now samba4 is great as in all-in-one solution (samba, kerberos, ldap, dns) into one service. Is it possible to split it up so that for example, I run openldap on one server, kerberos on another server, and then dns/samba on a third server? br, Quinn

Hi, When I have a service on a client that tries to use kerberos and I get errors such as these in the log.samba file: Kerberos: UNKNOWN -- host/ubuntu-test.mydomain.net @ MYDOMAIN.NET: no such entry found in hdb Does this mean that the kerberos authentication system is looking for the principal "host/ubuntu-test.mydomain.net @ MYDOMAIN.NET" in samba4's domain or in the

Hai, Lets start here. Handy for us to know. OS? Samba version? AD or member setup? And I suggest, set this in the ssh server. # GSSAPI options GSSAPIAuthentication yes Restart the ssh server and try to SSO login. If its a AD server this should work. Yes, you dont get home dir etc, end up in / after login, but lets check if this works. Greetz, Louis > -----Oorspronkelijk

Hello list, I need update my samba, I run firtly ./configure.developer, and when I run make I get this message 123/3913] Compiling lib/replace/replace.c In file included from ../lib/replace/replace.c:26: ../lib/replace/replace.h:112:24: error: bsd/string.h: No such file or directory ../lib/replace/replace.h:116:24: error: bsd/unistd.h: No such file or directory Waf: Leaving directory

I am trying to download a 200MB ISO file and each time I attempt to do so it will timeout after around 30 MB. I've used both a Microsoft and a FreeBSD tftp client with the same results. When PXE booting a pc and letting it download the ISO it either hangs halfway through or the ISO appears to be corrupted when trying to boot to it from ramdisk. I am looking for suggestions on how to

Attached is the very verbose ssh output. Just to be perverse, this time two nodes lost connectivity. The only thing I see is lines saying that the two connections are lost, although being honest I have no idea what everything else means. For reference, 8 ssh cinnections were being made at the same time for a 8x8mpi task. N.B., since the OS I am using does not have rsh, I am currently using the

Hi, at first I'm not sure if this is the correct list to ask this question. But since I'm using winbind I hope you can help me. I try to realize a kerberized ssh from one client to another. Both clients are member of subdom2.subdom1.example.de and joined to it. The users are from example.de, where subdom1.example.de is a subdomain (bidirectional trust) of example.de and

Hi again, the attached patch (re-)enables parts of lua's liolib.c, especially io.write() for formatted output (similar to printf() ): Example: -- define printf() function printf = function(s,...) return io.write(s:format(...)) end -- function printf("Hallo, this is hex %04x\n", 64321) Bye, Marcel -------------- next part -------------- A non-text

https://bugzilla.mindrot.org/show_bug.cgi?id=2456 Bug ID: 2456 Summary: gssapi-keyex blocked by PermitRootLogin=without-password Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd

No I'm referring to "sshd -ddd" (preferrable on a high port like -p 8080 so you don't break your current ability to connect to the machine). As clearly the server is rejecting it. And only the server side debug can tell us that. - Ben Nick Stanoszek wrote: > I am using an AWS ubuntu 14.04 server...is that what you are asking? > > On Tue, Jul 28, 2015 at 10:00 PM,

I have a CentOS 7 system and when I login with putty or ssh there is a long delay before I get the password prompt. I ran ssh -v and I found that it gets up to this: debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received and then

Hi Trever, things improved after resetting user/machine passwords, however only the session key is using aes256 now, the ticket itself is still arcfour: root at ubuntu1:~# kinit user09999 user09999 at S4DOM.TEST's Password: root at ubuntu1:~# klist -v Credentials cache: FILE:/tmp/krb5cc_0 Principal: user09999 at S4DOM.TEST Cache version: 4 Server: krbtgt/S4DOM.TEST at

I have two servers identified as `server-1 - 192.168.3.128` and `server-2 - 192.168.3.130`. I am setting up `capifony` for automatic deployment from server-1 to server-2 and this is what I have done so far: 1. In both servers I have created a user `deploy` without password since that's the user I will use for deployment. 2. In server-1 I setup a SSH keys by running the command:

Hi again, I just started to debug things on the samba4 side: When trying to mount the Windows NFS share, I get the following error on the samba4 dc (just grepping for nfs in the logs): auth_check_password_send: Checking password for unmapped user [S5DOM.TEST]\[nfs/nfsclient.mydom.test]@[] map_user_info_cracknames: Mapping user [MYDOM.TEST]\[nfs/nfsclient.mydom.test] from workstation []

Hi, I’ve been running a samba 4 DC for quite some time now, and while testing some kerberos related stuff, I noticed that all kerberos tickets I can get from the DC are of encryption type ?arcfour-hmac-md5“: # kinit testuser1 testuser1 at S4DOM.TEST's Password: # klist -v Credentials cache: FILE:/tmp/krb5cc_0 Ticket etype: arcfour-hmac-md5, kvno 1 I can create keytabs containing

On Tue, 17 May 2016 13:59:18 -0600 Dustin Kempter wrote: > Is there something I missed? ssh -v serveryouwanttoconnectto That will tell you what the problem is. If you don't understand the output, post it here. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com