Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

ess some > samba core developer needs to have a look at this. > > But the only principal I ever encountered, that needed to be > upper case was the HTTP/ one ... > > Hope this helps, > Marcel > > > -Ursprüngliche Nachricht- > Von: samba-boun...@lists.samba.or

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

rg] Im Auftrag von Quinn Plattel Gesendet: Donnerstag, 19. Juli 2012 16:23 An: samba Betreff: Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved] Hi, Using the following tutorials: https://help.ubuntu.com/community/SingleSignOn https://help.ubuntu.com

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

Hi, Using the following tutorials: https://help.ubuntu.com/community/SingleSignOn https://help.ubuntu.com/community/Kerberos I have now managed to get passwordless ssh logins via kerberos working (without using the /etc/ssh/sshd_config parameter "GSSAPIStrictAcceptorCheck no") on a normal kerbero

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

I think I take this back. This more a workaround than a solution. The workaround makes sshd use any principal found in the database, but a proper kerberos setup would look for the client's hostname principal only. The search goes on for a proper samba4 kerberos setup. :-) br, Quinn On Tue, Jul

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

cht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Quinn Plattel Gesendet: Dienstag, 10. Juli 2012 16:08 An: samba Betreff: Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved] Hi, I solved my ssh GSSA

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

g [mailto:samba-boun...@lists.samba.org] Im Auftrag von Quinn Plattel Gesendet: Mittwoch, 11. Juli 2012 10:08 An: samba Betreff: Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved] Btw, forgot to mention, when testing, make sure on the client you do a "

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

libkrb5-3 1.10+dfsg~beta1-2ubuntu0.1 >> >> auth.log mentions (during failed login): >> Unspecified GSS failure. >> Minor code may provide more information: >> Wrong principal in request >> >> Thanks, >> Marcel >> &

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

de more information: > Wrong principal in request > > Thanks, > Marcel > > -Ursprüngliche Nachricht- > Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] > Im Auftrag von Quinn Plattel > Gesendet: Dienstag, 10. Juli 2012 16:08 >

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

nor code may provide more information: Wrong principal in request Thanks, Marcel -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Quinn Plattel Gesendet: Dienstag, 10. Juli 2012 16:08 An: samba Betreff: Re: [Samba] H

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]

Hi, I solved my ssh GSSAPI problem. There were a lot of solutions on google referring to a proper fqdn in the /etc/hosts file and having the fqdn's/principals in the kerberos server's keytab file but I found out that my problem was that the samba4/kerberos server was running on a multi-homed mach

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?

Very interesting. ssh does seem to authenticate via GSSAPI even though it reports failure. ssh does ask for password every time but it always tries to authenticate with GSSAPI before trying pam. I found out that my kerberous/samba4 password worked as well as my pam password and they are two diff

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?

Hi, Ok, I managed to find some more debugging info. When I kinit on the client, log.samba on the server reports (I put spaces around every "@" so that the list does not interpret them as e-mail addresses): Kerberos: AS-REQ user @ MYDOMAIN.NET from ipv4:10.45.1.55:51790 for krbtgt/MYDOMAIN.NET

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?

Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Quinn Plattel Gesendet: Montag, 9. Juli 2012 15:17 An: samba Betreff: Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? Hi, Forgot to mention that th

Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?

Hi, Forgot to mention that the client side's ssh configuration (/etc/ssh/ssh_config) has the following lines: GSSAPIAuthentication yes GSSAPIDelegateCredentials yes GSSAPITrustDns yes The server side ssh configuration (/etc/ssh/sshd_config) has the following lines: GSSAPIAuthentic

[Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI?

Hi, I am doing some kerberos testing with samba4 using ssh. I have setup samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and active directory seems to be working both with Windows and Linux clients. ssh unfortunately is not kerberos authenticating via GSSAPI. The client kr