Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

1136 questions
4
votes
2 answers

Why is squid breaking kerberos/NTLM auth?

I'm using squid 2.6.22 (Centos 5 Default) as a proxy. Squid seems to break the authentication process for web pages when they require NTLM or Kerberos Auth. I tested with sharepoint 2007 and tried all 3 authentication methods (NTLM, Kerberos,…
DonEstefan
  • 118
  • 2
  • 9
4
votes
3 answers

How to integrate RADIUS with Kerberos?

We've got properly configured LDAP+Kerberos on our wired network. Now we want our users to log in to our WiFi network by using their normal credentials. I've found lots of HOWTOS about LDAP+RADIUS but none of them mention Kerberos in the pack. Can…
minder
  • 709
  • 1
  • 5
  • 13
4
votes
1 answer

OpenLDAP on Windows and gssapi32

Upon trying to run OpenLDAP on Windows after a non-eventful installation, I get the error that gssapi32.dll is missing. Reinstalling does nothing to alleviate the problem, nor does altering the install settings/backend.
user45890
  • 43
  • 1
  • 3
4
votes
1 answer

Single Sign On for intranet with Apache and Linux MIT Kerberos

EDIT: SOLVED! See my answer below. Greetings, I am looking for a way to do a single sign on to an intranet in the following manner: A Linux user logs on via a graphical frontend (for example, GNOME). He automatically requests a TGT for his username…
Beerdude26
  • 101
  • 1
  • 7
4
votes
3 answers

Linux on Windows AD Domain

Successfully joined my Linux Box to a Windows AD Domain. Wanted to know from other admins if it us possible to specify what groups from windows ad is allowed to login? Otherwise anyone with a AD account can login. Suggestions?
Riaan
  • 411
  • 5
  • 13
4
votes
0 answers

kinit to get TGT returns “KrbException: Identifier doesn't match expected value (906)” under Windows Server 2016 Active Directory + Kerberos + JDK8

Trying to make Windows Server 2016 Active Directory + Kerberos and Java OpenJDK 8 kinit to obtain a ticket-granting ticket returns KrbException: Identifier doesn't match expected value (906) I have two Azure VMs, and I want to obtain a kinit…
Victor Polo De Gyves Montero
  • 141
  • 1
  • 4
3
votes
2 answers

Why the reverse DNS lookup of SPN during initial phase of Kerberos authentication?

At its base, Kerberos isn't an overly complicated protocol. I have also already successfully configured a server to accept Kerberos authentications via SPNEGO HTTP headers. I'm new in this area though, so maybe I have just overlooked…
Petr Bodnár
  • 159
  • 1
  • 5
3
votes
1 answer

Unable to log in to FreeIPA web ui - "Login failed due to an unknown reason."

After Fedora server update, my Freeipa broke and I am not sure how to deal with it. Does anyone have some ideas what might be the issue? I am unable to log in to web UI nor execute any IPA command. $ journalctl gssproxy[910]: gssproxy[951]: (OID: {…
tmdag
  • 133
  • 1
  • 6
3
votes
2 answers

setspn does not affect Active Directory Users

I run the setspn command for specific user on Domain Controller. C:\>setspn -s example/username.companyname.com username Checking domain DC=companyname,DC=com Registering ServiceprincipalNames for CN=username,CN=Users,DC=companyname,DC=com …
GriGrim
  • 91
  • 6
3
votes
2 answers

Samba4 AD DC setup and working, but won't connect with Windows 7 or 10

I've gotten a Samba 4 AD DC setup running on Ubuntu 18.04 LTS. I used this tutorial to make it work: https://www.tecmint.com/install-samba4-active-directory-ubuntu/ The problem is I can't get my Windows 7 or 10 clients to connect to the domain. Here…
jfreak53
  • 188
  • 1
  • 3
  • 25
3
votes
1 answer

Can Jenkins utilize the user's Kerberos ticket?

I'm setting up a new Jenkins server. It will authenticate users against the corporate AD. Most of the tasks we have in mind require logging-in to other hosts (via ssh). Can Jenkins be configured to, upon a user's login: Obtain a Kerberos ticket…
Mikhail T.
  • 2,272
  • 1
  • 22
  • 49
3
votes
0 answers

SSSD - Server not found in kerberos database

I've been trying to setup SSSD on a CentOS 7 machine to join with a windows AD for user management. I've managed to get Kerberos working independently of this setup, using LDAPS as the transport protocol. I have also successfully joined the machine…
lgg
  • 31
  • 1
  • 2
3
votes
1 answer

macOS High Sierra issues mounting Kerberized NFSv4 shares

I'm using FreeIPA for LDAP/Kerberos and I've created a principal for a storage appliance (Dell/EMC UnityVSA VM). I have setup the VSA with a keytab from IPA, I've also setup within the VSA the LDAP configuration and created a NAS with support for…
user3814483
  • 183
  • 9
3
votes
1 answer

PAM with pam_krb5 to authenticate nginx requests

I am aware of the gazzilion pam / nginx questions here and on "Unix/Linux" but they are either unanswered or not related to my setup - so i try again :) TL;dr While the setup works perfectly with an Apache+mod_kerb_auth combination, i fail to get…
Eugen Mayer
  • 277
  • 1
  • 4
  • 15
3
votes
1 answer

DO i need anything else like roles to install kerberoes

I want to test or install Kerberoes for authentication. Is it a part of AD DS or a stand alone application which i can install on window server 2008 Do i need anything else to make it working
John
1 2 3
75 76