Hi Quinn, I just tried your solution (my machine is also multi-homed). However it doesn't work for me. The man-page of sshd_config also states, that the behavior of "GSSAPIStrictAcceptorCheck" may depend on the used krb5 libraries.
Could you please have a look at the krb5 and openssh versions you're using (and perhaps the linux distribution/version)? BTW: I'm running: Ubuntu 12.04 LTS openssh-server 5.9p1-5ubuntu1 libkrb5-3 1.10+dfsg~beta1-2ubuntu0.1 auth.log mentions (during failed login): Unspecified GSS failure. Minor code may provide more information: Wrong principal in request Thanks, Marcel -----Ursprüngliche Nachricht----- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Quinn Plattel Gesendet: Dienstag, 10. Juli 2012 16:08 An: samba Betreff: Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved] Hi, I solved my ssh GSSAPI problem. There were a lot of solutions on google referring to a proper fqdn in the /etc/hosts file and having the fqdn's/principals in the kerberos server's keytab file but I found out that my problem was that the samba4/kerberos server was running on a multi-homed machine and that the ssh server kerberos authentication needed the following parameter in order for it to work on multi-homed machines: GSSAPIStrictAcceptorCheck no The default is yes, using "no" will, according to the manpage "clients may authenticate against any service key stored in the machine's default store." I hope this helps others that have similar setups as I do. Thank you all for your input. br, Quinn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba