ess some
> samba core developer needs to have a look at this.
>
> But the only principal I ever encountered, that needed to be
> upper case was the HTTP/ one ...
>
> Hope this helps,
> Marcel
>
>
> -Ursprüngliche Nachricht-
> Von: samba-boun...@lists.samba.or
rg] Im
Auftrag von Quinn Plattel
Gesendet: Donnerstag, 19. Juli 2012 16:23
An: samba
Betreff: Re: [Samba] How do I get an ssh client to authenticate with samba4's
kerberos GSSAPI? [Solved]
Hi,
Using the following tutorials:
https://help.ubuntu.com/community/SingleSignOn
https://help.ubuntu.com
Hi,
Using the following tutorials:
https://help.ubuntu.com/community/SingleSignOn
https://help.ubuntu.com/community/Kerberos
I have now managed to get passwordless ssh logins via kerberos working
(without using the /etc/ssh/sshd_config parameter
"GSSAPIStrictAcceptorCheck no") on a normal kerbero
I think I take this back. This more a workaround than a solution. The
workaround makes sshd use any principal found in the database, but a proper
kerberos setup would look for the client's hostname principal only.
The search goes on for a proper samba4 kerberos setup. :-)
br,
Quinn
On Tue, Jul
cht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
Im Auftrag von Quinn Plattel
Gesendet: Dienstag, 10. Juli 2012 16:08
An: samba
Betreff: Re: [Samba] How do I get an ssh client to authenticate with
samba4's kerberos GSSAPI? [Solved]
Hi,
I solved my ssh GSSA
g [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Quinn Plattel
Gesendet: Mittwoch, 11. Juli 2012 10:08
An: samba
Betreff: Re: [Samba] How do I get an ssh client to authenticate with samba4's
kerberos GSSAPI? [Solved]
Btw, forgot to mention, when testing, make sure on the client you do a "
libkrb5-3 1.10+dfsg~beta1-2ubuntu0.1
>>
>> auth.log mentions (during failed login):
>> Unspecified GSS failure.
>> Minor code may provide more information:
>> Wrong principal in request
>>
>> Thanks,
>> Marcel
>>
&
de more information:
> Wrong principal in request
>
> Thanks,
> Marcel
>
> -Ursprüngliche Nachricht-
> Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
> Im Auftrag von Quinn Plattel
> Gesendet: Dienstag, 10. Juli 2012 16:08
>
nor code may provide more information:
Wrong principal in request
Thanks,
Marcel
-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Quinn Plattel
Gesendet: Dienstag, 10. Juli 2012 16:08
An: samba
Betreff: Re: [Samba] H
Hi,
I solved my ssh GSSAPI problem. There were a lot of solutions on google
referring to a proper fqdn in the /etc/hosts file and having the
fqdn's/principals in the kerberos server's keytab file but I found out that
my problem was that the samba4/kerberos server was running on a multi-homed
mach
Very interesting. ssh does seem to authenticate via GSSAPI even though it
reports failure.
ssh does ask for password every time but it always tries to authenticate
with GSSAPI before trying pam. I found out that my kerberous/samba4
password worked as well as my pam password and they are two diff
Hi,
Ok, I managed to find some more debugging info.
When I kinit on the client, log.samba on the server reports (I put spaces
around every "@" so that the list does not interpret them as e-mail
addresses):
Kerberos: AS-REQ user @ MYDOMAIN.NET from ipv4:10.45.1.55:51790 for
krbtgt/MYDOMAIN.NET
Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Quinn Plattel
Gesendet: Montag, 9. Juli 2012 15:17
An: samba
Betreff: Re: [Samba] How do I get an ssh client to authenticate with samba4's
kerberos GSSAPI?
Hi,
Forgot to mention that th
Hi,
Forgot to mention that the client side's ssh configuration
(/etc/ssh/ssh_config) has the following lines:
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPITrustDns yes
The server side ssh configuration (/etc/ssh/sshd_config) has the following
lines:
GSSAPIAuthentic
Hi,
I am doing some kerberos testing with samba4 using ssh. I have setup
samba4 using the howto at http://wiki.samba.org/index.php/Samba4/HOWTO and
active directory seems to be working both with Windows and Linux clients.
ssh unfortunately is not kerberos authenticating via GSSAPI. The client
kr
15 matches
Mail list logo