Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
3 votes, 0 answers

SSSD procedure for staying joined when renaming AD computer object

Shooting for the moon with this question here. In Windows if you join a client to an AD domain and later if you want to rename the computer object you can do so "seamlessly" without it breaking the AD membership of the client. I want to accomplish…
SeligkeitIstInGott
2 votes, 0 answers

Globally disable reverse DNS lookup for Kerberos on Windows?

I know one can disable the reverse DNS lookup made by individual client applications when calculating SPN of the called server during Kerberos authentication. There are various ways, e.g.: In Java: Java + Kerberos - disable reverse DNS…
Petr Bodnár
2 votes, 0 answers

how should I proceed debugging NFS4+Kerberos?

I have a working NFS4 setup. The server is called bluebox.lan and it exports: /mnt bluescreen.lan(rw,no_root_squash,crossmnt) The client is called bluescreen.lan and it is able to mount bluebox's nfs using: mount -t nfs4 -o nfsvers=4.2…
Mathijs Kwik
2 votes, 0 answers

Active Directory Realm trust with MIT KDC and Referrals/Host Mappings

I can create a one-way trust between an Active Directory and a MIT KDC but what I'd like to know is whether Active Directory supports Kerberos Referrals (RFC 6806) as well in this scenario. This'd allow clients to automatically figure out which…
Lars Francke
2 votes, 0 answers

How to delete Samba and Kerberos data to start everything from scratch?

I'm doing some experiments with Samba and Kerberos on Ubuntu Server Cuttlefish, by installing samba, krb5-config, and winbind. When installing Kerberos in interactive mode, it asked some questions to automatically configure some settings: …
Livy
2 votes, 1 answer

Kerberos Ticket Hand-off No Good on Chrome on macOS X

I am implementing Okta as a single-sign on provider in an enterprise environment of about 90 users. One of Okta's features is Desktop Single Sign On - the ability for users to be authenticated with Okta simply by virtue of having logged into their…
user490549
2 votes, 1 answer

SSSD+Samba+SSH GSSAPI authentication issues

I am configuring SSSD+Samba+SSH on CentOS 7.6. So far I have managed to get all 3 at least working. SSSD is configured and joined using realm join. Samba is configured and connected to AD via net ads join. However, for some reason I cannot get…
Eroji
2 votes, 0 answers

Is it possible to limit SSRS authentication to Kerberos only?

We have an instance of SSRS (SQL Server Reporting Services) which uses Kerberos Constrained Delegation to fetch data for its reports from SQL Server on behalf of its users. For this purpose, SSRS was configured to use
2 votes, 1 answer

Synchronisation between office365 and local Active Directory via Custom field

I'm trying to connect local Active Directory to office365 for usersync. In this documentation I have found that I need to make resolvable suffix in userPrincipalName and move legacy Kerberos principal to combination of sAMAccountName+@Realm The…
2 votes, 1 answer

manually expire a kerberos ticket for a session

I am using the NFS service over Kerberos. The client mounting the NFS share obtains the ticket from the KDC server and works perfectly in terms of accessing the NFS share. My requirement is that I need to expire the ticket in between accessing the NFS share…
pynix
2 votes, 2 answers

Kerberos KDC server in a docker container

I'm running MIT Kerberos KDC and Kadmin server instances in a docker container for convenience. I am able to build it and run it without a problem, with only extracting important configs to docker volumes. I am also connecting the KDC to OpenLDAP…
runr
2 votes, 1 answer

Authenticate AD user after joining CentOS 7 to Active Directory Domain

I am trying to join a CentOS 7.5 to a Windows Active Directory Domain for authenticating AD users. Although the joining process has been successful, I'm unable to authenticate any users. Following are the steps that were taken. Firstly, I…
hypersonics
2 votes, 1 answer

How do you setup an NFS4 server that utilises Kerberos authentication from an Active Directory KDC using CentOS Linux release 7.6.1810 (Core)

How do you setup an NFS4 server with Kerberos from Active Directory? I can install and configure an NFS4 server and connect to it, but I can not get Kerberos to work under any circumstances where the Active Directory controls the KDC. Not even with…
Tobias
2 votes, 2 answers

Joining workstations to the domain as a member of Protected Users group (Delegation vs User Rights)

Implementing "Protected Users" and coming across this problem that I couldn't find a solution to anywhere. Cannot join computers to the domain with delegation permissions. Instead "Add workstation to the domain" right was assigned to a…
2 votes, 1 answer

Samba/Kerberos: Cannot contact any KDC, Kerberos not listening?

Newly built standalone AD DC (test bed in preparation for replacing venerable NT4 installation). Fresh and fully updated 4.3.11 on 16.04LTS. Followed Samba wikis, simple enough. Haven't messed with smb.conf, per warnings: [global] workgroup…
feldmrob