Hi Spike,
thanks a lot for your findings ! I appreciate your effort.
I also played around with the TRUSTED_FOR_DELEGATION flag on the machine
account, and yes
it looks like the behaviour is consistent.
( I had a case where I got a TGT without the TRUSTED_FOR_DELEGATION flag set on
the machine
Hi James, thanks a lot for your interesting reply..
in order to investigate this issue, I've set up an Windows Server 2012
evaluation copy on my Linux laptop as an VM using QEMU.
With that, I also added two more VM's : a Windows 10 client and a Linux Fedora
37 server with sssd configured and
On the Windows laptop, I opened up a CMD windows and entered 'klist'..
All tickets listed there have Ticket Flags 'forwardable'..
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to
Hi Sam,
> Have you enabled Connection -> SSH -> Auth -> GSSAPI -> Allow GSSAPI
credential delegation?
yes I did. That did not solve the issue, but since this is on a corporate AD
domain, I do not have the permission to
check if the Windows laptop has 'Trust this computer for delegation to any
Thanks for your elaboration on this Spike ! This'll help me understand the
functional picture ...
___
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of
OK.. too stupid ! I forgot to clear the credentials using 'kdestroy -A'
before retrying with Putty..
so, the original problem is still there... I don't get a Kerberos ticket if
logging on to Linux from Windows using Putty.
___
sssd-users mailing
Well , Alexey triggered something in my head :-)
Since Putty behaviour was different than ssh, I started looking into the Putty
configuration...
and there we go ! In Settings -> Connection -> SSH -> Auth -> GSSAPI there
was an option
called 'Allow GSSAPI credential delegation' ...
enabling
Hi Alexey, thanks for responding !
I tried 'ssh' to logon.. I need to specifiy my (AD) password then, but yes,
after I'm logged on 'klist' succesfully lists my TGT. Cool !
But the goal here is to login using SSO from Windows to Linux using Putty. My
understanding is that SPNego is involved,
Hi all,
I have the same issue as was already reported here in 2016 :
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/message/3IQLPN4JLFQJDXN6G3HQH3SEZ2AGEEBE/
however there was no reply given.
Running sssd on RedHat linux 7 using 'ad' as the 'auth_provider' I