Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
3
votes
0 answers

NFSv4 and idmapping

Alright, I am close to giving up on this but here is to one more attempt. I have more questions than answers and any help would be greatly appreciated. The operating system on the server is Debian Stretch, on the client it is Debian Sid. I have a…
Ivan
  • 173
  • 5
3
votes
1 answer

How can I join a machine to a domain with duplicate short-names in the same forest?

I have 4 Domains, 1 Forest Root, 3 children. The children are nearly replicas, and have their machines named the same in all 3 child domains. For…
Jacob Evans
  • 7,636
  • 3
  • 25
  • 55
3
votes
1 answer

IPA server NFS services adding issue centos 7.2

I'm having an issue with adding NFS services to IPA server (after login to the IPA server and kinit admin). When I execute the line below: [root@ipa ~]# ipa service-add nfs/server1.example.com I'm getting the error ipa: ERROR: Host does not have…
cms 54
  • 31
  • 2
3
votes
2 answers

SSSD Kerberos Authentication vs AD

I am trying to set up SSSD to authenticate to AD, and want to do it in the most secure way possible. I noticed when setting auth_provider = ad, port 389 is open. We have firewall rules in place that are blocking port 389. Setting ldap_service_port = 636 did…
CodyK
  • 165
  • 1
  • 9
3
votes
3 answers

Kerberos error while initializing kadmin interface from admin server

I updated my master key for my Kerberos 5 server following the MIT Kerberos 5 instructions. I restarted the kdc and kadmind services and used krb5-prop to push the changes to the other servers. Now I am unable to connect with kadmin from any server,…
jla
  • 153
  • 1
  • 1
  • 7
3
votes
0 answers

Mount CIFS-share with users Kerberos-Ticket

We want to mount shares through autofs. Nothing special, we thought. But: this must be done in some complex Active Directory circumstances. What we have: integrated Ubuntu 14.04 workstations on which users can log in with their Windows credentials.…
cbuchey
  • 41
  • 2
3
votes
2 answers

Does Active Directory send a user's access token across the network?

Question: does AD send a user's access token across the network? Research: The following two passages contradict themselves--given that TGTs are transmitted across the network by design. From the 5th Edition of Active Directory by O'Reilly: Most…
mellow-yellow
  • 431
  • 5
  • 14
3
votes
1 answer

gssproxy: apache httpd as nfs-client? centos7

When Apache httpd attempts to access a user directory automounted with sec=krb5p, and presumably other sec=krb options, gssproxy issues a failure message and the web server replies with 403 Forbidden. The debug option on gssproxy has not been…
84104
  • 12,698
  • 6
  • 43
  • 75
3
votes
1 answer

wbinfo -u does not show AD users (is empty)

We have a problem on a Ubuntu Server 14.04 (fileserver) connected to AD on a Windows Server 2008 R2 using Samba (version 4.3.8)/WinBind and Kerberos. The problem is that users do not have writing permissions in their personal folders. We also noted…
3
votes
2 answers

Are SPNs specific to Windows and Active Directory?

Are Service Principal Names specific to Active Directory on Windows? Or do they exist in Linux OpenLDAP / Kerberos KDC servers too?
leeand00
  • 4,807
  • 13
  • 64
  • 106
3
votes
0 answers

Kerberos keytab file not working

I have two AD domains and I'm trying to use NFS with Kerberos to both of them. Part of the procedure requires creating keytab files for the host and nfs principals for the client and server respectively. I am using the same batch files on both DCs…
Rob Marshall
  • 131
  • 2
3
votes
1 answer

Kerberos authentication fails when local password is expired

I am using pam_krb5 with local accounts (Linux) for AD password authentication. Things are working great, users are able to authenticate with both AD and local passwords. I am having a problem though, when the local password expires Kerberos…
j_nix
  • 33
  • 3
3
votes
3 answers

Unable to join domain using samba tool net or realm/sssd

On a rhel7 server I am trying to join the server to a domain, but I am getting the following failure: net ads join -S domain.example.org -U name Enter name's password: Failed to join domain: failed to set machine kerberos encryption types:…
aseq
  • 4,550
  • 1
  • 22
  • 46
3
votes
1 answer

Proxy Kerberos Authentication - Kerberos Service Ticket Issues

I have a BlueCoat ProxySG that is able to authenticate users via Kerberos. It is set to "Proxy" so it requires user authentication for each new TCP connection. Users have a Single Sign On and their PCs automatically pass their Windows login…
NetRay
  • 131
  • 1
  • 6
3
votes
1 answer

Kerberos Error APP_MODIFIED when using a CNAME DNS record

I have a production server, which I'll call CONTOSO\MachineA, running SQL Server. I have a development server, which I'll call CONTOSO\MachineB, running IIS. Both servers are running Windows Server 2008. I have a domain user, which I'll call…
Ethan Reesor
  • 165
  • 9