[SSSD-users] sssd ad, client not found in kerberos database

2017-09-12 Thread Jeremy Monnet
Hi, I know the issue means the client (or name of the client) is wrong, but I can't figure out why, and I attempt to create it using the commands, keytab looks fine, and I have another server working, but on a previous version. So I'm stuck... Environment is an AD with a child domain, eg example

[SSSD-users] Re: sssd ad, client not found in kerberos database

2017-09-12 Thread Jeremy Monnet
On Tue, Sep 12, 2017 at 2:26 PM, Jeremy Monnet wrote: > > Hi, > > I know the issue means the client (or name of the client) is wrong, but I > can't figure out why, and I attempt to create it using the commands, keytab > looks fine, and I have another server working, bu

[SSSD-users] what are the causes of Port status of port 389 for server is 'not working'

2017-10-20 Thread Jeremy Monnet
Hi, I have that error message that I do not understand, because I have 2 ubuntu servers set up the same way (but 1 ubuntu 14.04 and 1 ubuntu 16.04). Ubuntu 14 is working fine, I can authenticate and sudo just fine, Ubuntu 16 can list users and groups but I cannot authenticate nor sudo. And I see in

[SSSD-users] AD auth with multiple domains

2017-10-23 Thread Jeremy Monnet
Hi, I am trying to set up an authentication against Active Directory, with multiple domains, and I haven't been able to find the recommended way to do it (it is very possible I missed it...), so I am looking for explanation and advice. With a master domain example.com, and subdomains sub1.example.

[SSSD-users] Re: what are the causes of Port status of port 389 for server is 'not working'

2017-10-23 Thread Jeremy Monnet
On Mon, Oct 23, 2017 at 3:29 PM, Jakub Hrozek wrote: > On Mon, Oct 23, 2017 at 10:11:50AM +0200, Jeremy Monnet wrote: > > Hi, > > > > > > > > On Sat, Oct 21, 2017 at 8:56 PM, Jakub Hrozek > wrote: > > > > > On Fri, Oct 20, 2017 a

[SSSD-users] Re: what are the causes of Port status of port 389 for server is 'not working'

2017-10-23 Thread Jeremy Monnet
On Mon, Oct 23, 2017 at 4:55 PM, Jeremy Monnet wrote: > >> This sounds wrong: >> [sdap_kinit_send] (0x0400): Attempting kinit (default, >> host/.., ., 86400) >> with AD, you normally want to use the SHORTNAME$REALM principal, not the >> host/hostname princi

[SSSD-users] Re: what are the causes of Port status of port 389 for server is 'not working'

2017-10-25 Thread Jeremy Monnet
Hi, On Tue, Oct 24, 2017 at 10:03 PM, Jakub Hrozek wrote: > > > > On these 2 servers, authentication works for testu...@sub1.example.com. > I > > can authenticate with my_u...@example.com on the ubuntu 14 with sssd > > 1.11. But I cannot authenticate with my_u...@example.com on the ubuntu 16 > >

[SSSD-users] Re: AD auth with multiple domains

2017-10-31 Thread Jeremy Monnet
Hi, Nobody has a clue on the best practices for AD domains with trust ? :-( Regs, Jeremy On Mon, Oct 23, 2017 at 10:29 AM, Jeremy Monnet wrote: > Hi, > > I am trying to setup an authentication against Active Directory, with > multiple domains, and I haven't been able to fin

[SSSD-users] AD multiple domains - login failed for child domain

2019-01-31 Thread Jeremy Monnet
Hello, I never fixed issues I had last year https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/5XUJLUVI5JZILZKDK5DRHK7PSQNIZZBD/ but I did make a new test on a brand new ubuntu up to date, and the result is far better, though everything is not working. As a remi

[SSSD-users] Re: AD multiple domains - login failed for child domain

2019-02-05 Thread Jeremy Monnet
Hello, On Tue, Feb 5, 2019 at 10:29 AM Jakub Hrozek wrote: > > > Now, everything is OK with the main domain, AFAIK, I can login, sudo > > based on groups, etc. But for the child domain, most work, I can id a > > user@child (that resolves the user and the groups associated), I can > > "su - user@c

[SSSD-users] Re: AD multiple domains - login failed for child domain

2019-02-05 Thread Jeremy Monnet
On Tue, Feb 5, 2019 at 3:35 PM Jeremy Monnet wrote: > > Hello, > > On Tue, Feb 5, 2019 at 10:29 AM Jakub Hrozek wrote: > > > > > Now, everything is OK with the main domain, AFAIK, I can login, sudo > > > based on groups, etc. But for the child domain, most wor

[SSSD-users] Re: AD multiple domains - login failed for child domain

2019-02-08 Thread Jeremy Monnet
On Fri, Feb 8, 2019 at 10:20 AM Sumit Bose wrote: > > I looked at other objects and it seems none have had the same SPN > > registered, and I don't know at all how the object is created (other > > than it is created when I "realm" the server). I will look at it a bit > > ! > > There is an issue i

[SSSD-users] RHEL 8.3 KDC has no support for encryption type

2021-05-05 Thread Jeremy Monnet
Hello, We upgraded today a RHEL 7.9 to RHEL8.3. We encounter now that error KDC has no support for encryption type which prevents authentication. The server has been removed and rejoined to the Active Directory with realm join -U user@DOMAIN. The object has been created in the AD (2012R2 in case it

[SSSD-users] Re: RHEL 8.3 KDC has no support for encryption type

2021-05-06 Thread Jeremy Monnet
Hello, On Thu, May 6, 2021 at 7:40 AM Sumit Bose wrote: > > > > We upgraded today a RHEL 7.9 to RHEL8.3. We encounter now that error > > > KDC has no support for encryption type > > Hi, > > this is most probably about the rc4 encryption type which is still > heavily used in AD environments but al

[SSSD-users] Re: RHEL 8.3 KDC has no support for encryption type

2021-05-09 Thread Jeremy Monnet
Hi, > To allow all the old (weak) RHEL7 crypto ciphers (like 3des-cbc and > arcfour-hmac). > > It's not advisable to leave crypto-policies at LEGACY -- that accepts some > truly weak ciphers. > > You are right, only I do not decide the AD version used... 2012R2 is still supported by Microsoft, so